HACKER Q&A
📣 urgent_skittle

How secure is desktop Linux? Is it stuck in the nineties?


When I switched from Windows XP to Linux, it was considered the more secure OS. On Windows, users were still running with admin rights by default.

I've used CrunchBang Linux, Lubuntu and Linux Mint since then, and while the security of dominant consumer OSes—now Android and iOS—has improved significantly in the past 15 years, not much seems to have changed on desktop Linux.

Where on my smartphone I can grant an app access to only the one photo I need it to have access to, on Linux, for all I know every program that is running under my user account may have uploaded all of my personal files to a malicious actor a thousand times over.

Where on my smartphone I can deny an app access to my location, on my laptop any application can easily get my external IP address and a list of wifi access points and bluetooth devices.

I read Windows and MacOS have adapted to the age of always online computers as well. Why are Linux distros not keeping up and applying the principle of least privilege?


  👤 RGamma Accepted Answer ✓
A lot of sandboxing ability is there (LSMs, virtualization, namespaces, firejail, bubblewrap, xdg-desktop-portals...), but it's not so well integrated, many applications haven't been written with it in mind and you'll basically have to set it up yourself. It's definitely the future though!

👤 rini17
Linux desktop users prefer open source apps that don't have a commercial incentive to upload your personal data. Under X11 it is even possible to intercept input to any application, however this is no longer the case in Wayland. It is possible to do complete isolation, but most people don't bother yet.

👤 silverquiet
I always thought part of the point of open source is that the code is auditable so you can see if anyone does anything nasty. That obviously doesn't mean you can grok the code of all that you use but at least the community may in theory be able to. If you're installing software you don't trust, then in my opinion you've already lost most of the battle.

That said, I would think mandatory access control via SELinux could do a lot of what you're suggesting, though I've only ever really tangled with it on servers, not consumer/desktop type computing. I think in that sense, Linux actually got a lot of security features before Apple/Microsoft.


👤 KomoD
> Where on my smartphone I can grant an app access to only the one photo I need it to have access to, on Linux, for all I know every program that is running under my user account may have uploaded all of my personal files to a malicious actor a thousand times over.

Flatpak

> Where on my smartphone I can deny an app access to my location, on my laptop any application can easily get my external IP address and a list of wifi access points and bluetooth devices.

Flatpak

> Why are Linux distros not keeping up and applying the principle of least privilege?

They're keeping up just fine?
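As an added example (not from any commenter or from the Flatpak project), a small Python audit of the `[Context]` block that `flatpak info --show-permissions <app-id>` prints: it flags the broad grants that hand a Flatpak app the home directory, the X11 socket or the network, tells you whether the home-plus-network exfiltration path the question worries about is open, and emits the matching `flatpak override --user` commands. The app id `org.example.App` and the `SAMPLE` block are constructed.

```python
import configparser

# Permission values that undo most of the sandbox (value -> why it matters).
BROAD = {
    "filesystems": {"home": "read/write access to the whole home directory",
                    "host": "read/write access to the whole host filesystem"},
    "sockets": {"x11": "X11 lets any client snoop other windows and keystrokes",
                "session-bus": "unfiltered session D-Bus, can drive other apps"},
    "devices": {"all": "every device node under /dev"},
    "shared": {"network": "unrestricted network access"},
}
# `flatpak override --user` flag that revokes each kind of permission.
DENY_FLAG = {"filesystems": "--nofilesystem", "sockets": "--nosocket",
             "devices": "--nodevice", "shared": "--unshare"}

def parse_context(text):
    """Return {key: [values]} from the [Context] section; ';' separates values."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("Context"):
        return {}
    return {k: [v for v in raw.split(";") if v] for k, raw in cp.items("Context")}

def audit(text):
    """(key, value, reason) for every broad permission the app holds."""
    findings = []
    for key, values in parse_context(text).items():
        for v in values:
            base = v.lstrip("!").split(":")[0]  # drop ':ro' / ':create' suffixes
            if not v.startswith("!") and base in BROAD.get(key, {}):  # '!x' = denied
                findings.append((key, base, BROAD[key][base]))
    return findings

def can_exfiltrate(text):
    """True when the app can read home/host files and also reach the network."""
    found = {(k, v) for k, v, _ in audit(text)}
    return ("shared", "network") in found and (
        ("filesystems", "home") in found or ("filesystems", "host") in found)

def overrides(app_id, text):
    """`flatpak override --user` commands that revoke each finding for app_id."""
    return [f"flatpak override --user {DENY_FLAG[k]}={v} {app_id}"
            for k, v, _ in audit(text)]

# Constructed sample of `flatpak info --show-permissions` output for a
# hypothetical app; not taken from any real Flatpak.
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=home;xdg-download;
"""

if __name__ == "__main__":
    for k, v, why in audit(SAMPLE):
        print(f"{k}={v}: {why}")
    print("can exfiltrate home over network:", can_exfiltrate(SAMPLE))
    print("\n".join(overrides("org.example.App", SAMPLE)))
```

The same `[Context]` syntax is what `flatpak override --show <app-id>` prints, so the script can re-audit an app after the overrides are applied.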


👤 stop50
Flatpak and the containerizing programs (docker, podman, ...) use the APIs of the kernel to prevent access to your files; this is already used by Firefox to prevent JavaScript from accessing data it shouldn't. Additionally SELinux or AppArmor can limit access from services to your files; Android uses SELinux, unprivileged users and binder to isolate apps.

👤 nathants
run mighty-snitch[1] and you’ll be a little more secure.

aside from mandatory access control, for which there isn’t a usable solution for the typical desktop setup, monitoring network access attempts is as good as it gets.

you’ll be surprised how often everything is trying to phone home. firefox is particularly chatty to mozilla endpoints.

i tried to get filesystem filtering working via this same lsm, but couldn’t get it to work well enough. haven’t made another attempt since. definitely should work. hope to revisit or setup a bounty for it someday.

1. https://github.com/nathants/mighty-snitch


👤 aborsy
Ubuntu Core, all-snap and immutable, is coming, perhaps this October.

👤 1oooqooq
if you install firejail then it behaves as bad as the newer things you describe (that is, most programs are started by a symlink to firejail which then starts that program in a restricted env... namespace, cap drop, apparmor, etc... but it's finicky and easy to bypass by the user, even by mistake, again, just like the alternatives you list)

Linux still requires you to read. Arch has the best non-condescending docs.


👤 gtirloni
Search for Flatpaks.

👤 throwaway89988
Linux desktop user here, and you ask a very good question which frustrates me to no end.

You are 100% correct, everything which is executed with your login user's rights can happily upload everything from your home to some random servers or exfiltrate information in other ways.

That Open Source solves the problem because the source code is available shows a blatant misunderstanding of the software supply chain, software supply chain attacks and the economics of Open Source. (e.g. the code you see on GitLab or GitHub does not have to have any resemblance to the code your binary was built with, and even if the code you see was used you don't know about compiler backdoors etc.) Further, all Open Source projects/distributions are understaffed and badly paid unless we speak about server Linux, which is another story.

Why does Linux not keep up? IMHO several reasons

- There is no money in Linux desktops (Seeing how MacOS/Windows try to upsell users with every second click should give you an idea how bad the situation with Linux market share is)

- People with the security and programming skills are quite senior and in high demand of companies (or running OpenBSD :-P)

- The Linux community is one of the most toxic/opinionated communities in IT, so every Open Source initiative will have to fight an uphill battle for years (Look at Flatpak/SNAP, all the discussions/misunderstandings and crazy ideas people have)

- For servers we have SELinux and AppArmor, which could in theory also work for Linux desktops, but even for a security-affine Linux user like myself it is too cumbersome/complicated to set up/maintain, outside of enabling it for browsers and other highly exposed programs

- Whenever I submit a patch/PR for an Open Source project which affects me on Debian, the maintainers literally beg me to take care of maintenance or at least Debian packages. I cannot even understand how illusional people are who want every software on earth as a native package for their variant of Linux of the week. We are far beyond the breaking point and the only people not seeing this are not contributing to Open Source, but complaining very loudly and visibly in online forums. Flatpak/SNAP are the only solutions we have if you want up-to-date software which was built by the original authors. (Remember the time a Debian maintainer broke SSH keys? Yeah, I do.) Especially security-relevant software must be built by the authors and not some random maintainers who might or might not have a clue what they are doing.

There might still be a bright future for Linux desktop security, IMHO it depends on immutable systems/flatpak/SNAP. Given the current adoption rate and BS discussions, I expect around 2040 we will be there with a broken implementation and not ready for the next generation's exploits. :-P