# Ubuntu 16.04 security concerns



## blobster21 (Apr 22, 2016)

http://www.zdnet.com/article/linux-...tu-16-04s-new-snap-format-is-a-security-risk/

What do you think about this feature introduced in Ubuntu 16.04, called "Snap" :



> The new Snap app package format is a headline feature of the new Ubuntu 16.04, touted by Canonical as a secure way of developing software that makes it impossible for an app to steal your data.



*BUT according to Matthew Garrett (a well-known Linux kernel developer and security developer at CoreOS( :*



> "Any Snap package you install is completely capable of copying all your private data to wherever it wants with very little difficulty...[ ]...An application that has no access to any of your private data can wait until your session is idle, open an unconfined terminal and then use cURL to send your data to a remote site.



How comes they (canonical engineers) didn't see this coming ?? Is this a "stillborn" feature ??

Your input appreciated


----------



## natr0n (Apr 22, 2016)

The only thing I can think of is keep your personal/sensitive data on a removable drive.


----------



## silentbogo (Apr 22, 2016)

You have to remember that snap is optional.
As far as I know 16.04 Beta 2 still relied on _apt_ and for compatibility reasons it won't be replaced for very long time.
So far I only encountered Snap, when installed Snappy Ubuntu Core on my RPi2, but that was just to satisfy my curiosity. Rolled back to Raspbian before selling the damn thing.

To be short and straightforward: Ubuntu supports Snap packages, but no one forces you to use it exclusively.


----------



## blobster21 (Apr 23, 2016)

So here's the general consensus :

https://www.phoronix.com/forums/for...y-circumvented-due-to-x11?p=866905#post866905



> ....Installing applications from untrusted sources is dangerous regardless of the format, snap, deb, rpm etc. [ ]... users should use common sense and install snaps from Ubuntu Store and trusted sources. [ ] .... some people are blowing snaps out of proportion, they are here to allow easy updating of applications, not to magically solve any and all security issues on Linux.


----------



## Frick (Apr 23, 2016)

And the underlying problem is, as noted, X. Aren't they moving to Mir?


----------



## blobster21 (Apr 23, 2016)

It is shedulded for Ubuntu 16.10

Additionnaly, It seems to be easy as a piece of cake to switch to mir, and enjoy the snaps feature this LTS has to offer, in total confidence !


----------



## Solaris17 (Apr 23, 2016)

I dont see the issue. I think both of them are correct. I'm sure there are security measures that need to be taken into consideration when it comes to how snap packages can interact with certain parts of the system. This is really not a new concept.


----------



## blobster21 (Apr 23, 2016)

It's not new indeed, since this behaviour is to be expected from any X11 based desktop environments. To further quote Matthew Garrett :



> With X11, any application can register to receive keystrokes from any other application. Any application can inject fake key events into the input stream. An application that is otherwise confined by strong security policies can simply type into another window.




While you can reasonnably trust Canonical repositories, the same can't be said with third party apps directly installed from foreign deb packages, or "snaps" downloaded from unverified sources.

Canonical is advertising "snaps" as a secured environment (which they are), but they forgot to mention that the underlying communication layer is much more forgiving.


----------

