Dev/GNOME
Kicksecure Development Notes on GNOME
For user documentation, see Other Desktop Environments instead!
This page is not intended for users or non-developers.
Security[edit]
- GNOME Website Extensions:
- GNOME allows installing extensions through an 'Install' button on its website. Example: https://extensions.gnome.org/extension/1160/dash-to-panel/
- Does it perform digital software signature verification?
- Security Risks in Default Installation: The standard GNOME setup includes numerous features, which may lead to security vulnerabilities.
- File Download Vulnerabilities: Simple file downloads have in the past resulted in remote code execution.
- Link Click Vulnerabilities: Clicking a link on a website has in the past led to remote code execution.
- Related Blog Post: See the blog post: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
- Demonstration Video: Watch the short video here: https://github.blog/wp-content/uploads/2023/10/CVE-2023-43641-poc.mp4
- Tracker-Miner Daemon Concerns: GNOME runs tracker-miner, a daemon that parses all user-downloaded files, which in the past was had such vulnerabilities. Such daemons should not run by default.
- Compromised Theoretical Security: Theoretical security benefits from Wayland are undermined by poor security practices.
- Social Account Integration: Privacy and security concerns about integrating social accounts.
Reasons Against Using a Minimal Desktop Environment Without Its Bad Stuff[edit]
While it might be theoretically possible to avoid GNOME's undesirable aspects by selectively using only core packages like the window manager and systray, this approach is not without significant drawbacks.
Selectively using GNOME components, such as the window manager and systray, and concurrently issuing warnings about other standard GNOME functionalities, presents a contradiction and practical challenges. This methodology seems counterintuitive: utilizing only specific parts of GNOME (like the window manager and systray) while also having to add warnings and disclaimers against its standard, documented features in user documentation and support requests.
For example, GNOME's recommended method for installing the Clipboard Indicator involves visiting extensions.gnome.org Clipboard Indicator and clicking 'Install'. However, this raises a question: what is the secure alternative that bypasses browser interactions and includes digital software verification? As of this writing, this remains unclear.
For instance, consider a user query:
Is it safe to install gnome-clocks?Hypothetical user support request.
No, it is not recommended due to its dependency on geoclue-2.0. This dependency not only expands the attack surface but also has privacy concerns. Currently, instructions to mitigate these risks remain undocumented.Hypothetical reply.
Such an approach would lead to inconsistency and confusion for users, undermining the practicality of using a minimal GNOME setup.
No comparable issues exist for Xfce. Users have the advantage of leveraging both Debian and Xfce documentation, along with resources from third parties, to customize and utilize Xfce effectively.
Usability[edit]
Systray Absence: By default, GNOME does not include a systray.
How can it be added?
- For typical GNOME users, the recommended method is to visit: AppIndicator Support and click the 'Install' button.
- Command line: For users who want to install from the command line, packages.debian.org or from source code while performing digital software signatures verification: Unknown.
- Linux distributions: For Linux distributions using a build script, the process remains unclear. (Clicking buttons is inappropriate for Linux distribution build scripts.) Should a solution for command line become available, it might also provide insight into this scenario.
Trademark[edit]
https://foundation.gnome.org/logo-and-trademarks/
https://wiki.gnome.org/Foundation/SoftwarePolicy
Software projects which are included in GNOME Circle are not official GNOME software. As such, they cannot use the GNOME trademarks to identify themselves.
Qubes[edit]
Qubes' Stance on GNOME: Qubes has also decided against using GNOME: https://github.com/QubesOS/qubes-issues/issues/1806#issuecomment-1768557436
Related[edit]
- Discussion on Porting to Wayland: https://forums.whonix.org/t/port-to-wayland/17380
- Security Concerns: https://github.com/Kicksecure/security-misc/issues/168
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!