-42

Linux is actually very vulnerable to exploits and it's showing with high value vulnerabilities that has been dropping in the latest years; FreeBSD is way better in security record (piefed.world)

submitted 1 day ago* (last edited 1 day ago) by beep@piefed.world to c/linux@programming.dev

28 comments fedilink hide all child comments

cross-posted from: https://piefed.world/c/uncommon/p/1089778/linux-is-actually-very-vulnerable-to-exploits-and-it-s-showing-with-high-value-vulnerabi

I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited.

On the other hand, FreeBSD rarely suffers from wide security issues.

Overall, I don't think anyone should repeat the myth that Linux is secure.

And at least if they gonna recommend Linux, they better recommend a good distro with SeLinux, hardened kernel and hardened OS.

you are viewing a single comment's thread
view the rest of the comments

[-] Sibshops@lemmy.myserv.one 1 points 1 day ago

I kind of agree. Linux needs some better security around packages and permissions. Like someone should work on an open-source snap alternative.

[-] RamRabbit@lemmy.world 10 points 1 day ago* (last edited 1 day ago)

someone should work on an open-source snap alternative.

Is that not Flatpaks? They are damn good.

[-] Neptr@lemmy.blahaj.zone 4 points 1 day ago

Flatpaks are not a secure sandbox. The sandbox exists to distribute apps, and the security is secondary. Apps are very minimally sandboxed. A better permission system would severely weaken the sandbox with basic permissions needed by so many apps. The amount of apps on Flathub that I have seen which need access to org.freedesktop.Flatpak which removes the sandbox. Browsers have their own sandbox crippled because Flatpak blocks namespace access, but that is not a problem for Snaps. Flatpak does not implement many (or any) modern exploit mitigations. Apps that have audio permission have microphone access, and access to all desktop audio. X11 access doesnt use something like Xephyr for a separate X11 to prevent apps from escaping the sandbox, especially on a X11 desktop environment. Etc, etc.

Now dont take me for a Snap shill. I don't think that is very good either. But at least its permission system is more thorough and apps tend to work better in a lot of cases. It also has on-screen permission requests (at least I think). It still suffers from many of the same problems as Flatpak.

I still use Flatpaks though. Just wish things were better.

[-] Sibshops@lemmy.myserv.one 3 points 1 day ago

Agreed, now if we can just get every program to run in a sandbox like flatpaks, a number of security issues will no longer be on issue.

[-] housepanther@social.goblackcat.com 2 points 1 day ago

@RamRabbit I really like flatpaks.

[-] vk6flab@lemmy.radio 2 points 1 day ago

The issue is not packaging, it's users circumventing security out of ignorance, willful or not, still ignorance.

As Linux gains popularity, the users will need to learn, often the hard way, how to go about installing stuff. Running a random script off the internet is not how it's done.

this post was submitted on 07 May 2026

-42 points (17.2% liked)

Linux

13570 readers

218 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev