How safe is Haiku nowadays?

ninos · May 2, 2023, 2:25pm

Haiku is still in beta,
but I guess some people
already use it nearly on a daily basis.
How safe is
R1/beta 4 (Revision hrev 56578+81 x86_64)?

PulkoMandy · May 2, 2023, 2:44pm

safe against what? Crashes? Data loss due to filesystem corruptions? People hacking your machine and stealing or deleting your data?

ninos · May 2, 2023, 2:45pm

People hacking my machine and stealing or deleting my data.

PulkoMandy · May 2, 2023, 3:01pm

In Haiku everything is running as the root user, so any vulnerability will have catastrophic consequences (whole unrestricted access to the machine). There are several known bugs and there were no security audit. So if you are worried about this, I recommend using a more serious operating system which put at least some effort in fixing security issues.

ninos · May 2, 2023, 3:10pm

I use Fedora 38 and GhostBSD.
But I’m also very interested in Haiku.

What I cannot understand is why you don’t enable a username and password procedure
at least
for installing any software package
or updates
in order to somehow protect
the root user condition.

nephele · May 2, 2023, 4:42pm

Again, everything runs as root. A password does not help against exploits, it will only help to lock you out of your machine.

Basically Haiku needs a way to compartimentalize services from each other, yes unix did this with unix users, but this mostly only protects filesystem ressources, but there is way more at stake, especially with less things protected “as files”

for example, running the image editor as your user should not be a thing, it can then access everything you can, that’s not wanted.

You also need to figure out weather to compartimentalize stuff like acces to app_server, media_server, network access etc.

nephele · May 2, 2023, 4:43pm

also, relevant xkcd : )

tclaus · May 2, 2023, 6:20pm

I’d like to lock the machine at least from my wife or children, by a simple hotkey-L shortcut, or by a period of time

nephele · May 2, 2023, 6:23pm

You can use the passwords screensaver for that iirc

ninos · May 2, 2023, 6:48pm

What I meant, security-wise,
is some kind of “trick” on Haiku
to ensure that only a super user would have administrative privileges,
and NOT also any cracker who might compromise the system.

nephele · May 2, 2023, 6:53pm

no.

leavengood · May 2, 2023, 7:20pm

A related reply of mine in another topic: Multiuserland in Haiku - #24 by leavengood

squizzler · May 2, 2023, 8:26pm

This topic seems to be raised several times a year and once again I would recommend those who wants something similarly (or more) niche to Haiku but built “secure by design” to check out Genode. Maybe some of its ideas will come across in the fullness of time.

Arctic_Chaos · May 2, 2023, 9:04pm

Haiku has such a small Userbase, so there is a small Number of evil Black-Hat-Guys with Ambitions for hacking Haiku. Sometimes… something looking bad is in Reality a good Fortune.

Starcrasher · May 3, 2023, 9:42am

Damn! I knew that there was a conspiracy to keep userbase small. Now, I start to understand the motivation.

extrowerk · May 3, 2023, 10:32am

This could give false safety feeling for some people, but keep in mind: You are on the rope at 50m and there is just no safety net just concrete below you. Have a nice stay.