Ubuntu Frame Security | Mir-server documentation

This document aims to explain a number of aspects of security in the context of the Ubuntu Frame snap ecosystem (Frame itself, ubuntu-frame-osk and ubuntu-frame-vnc).

Contents:

Threat model
Cryptography
Hardening

Threat model

We ran threat modelling for Mir itself (the display server library underpinning Frame) based on this snap stack, and maintain that documented there:

https://canonical-mir.readthedocs-hosted.com/stable/explanation/security/

Cryptography

There is no cryptography used in Frame itself or the On-Screen Keyboard snap. No direct dependency on en/decryption, hashing or digital signatures.

The VNC snap is built on top of wayvnc, which has cryptographic features (password authentication, transport encryption) and that is handled through gnutls as packaged and maintained in Ubuntu. See remote access documentation for more information.

Hardening

Virtual Terminals

To prevent users from switching between virtual terminals, you can disable it in Ubuntu Frame’s configuration:

Mir version 2.22:

This feature is only available with version *-mir2.22 onward

$ snap set ubuntu-frame config=vt-switching=false

`console-conf`

Avoid console-conf in your model to avoid presenting a “configure” screen in Ubuntu Core.

`getty`

To disable login prompts, you can mask the getty@.service. It’s easiest to achieve through cmdline.extra in the gadget snap:

# cmdline.extra
systemd.mask=getty@.service

Snap connections

Review the snap connections between snaps on the system and disconnect those not essential to your deployment:

$ snap connections
Interface            Plug                           Slot                  Notes
# ... some examples
content[gpu-2404]    ubuntu-frame:gpu-2404          mesa-2404:gpu-2404    -
hardware-observe     ubuntu-frame:hardware-observe  :hardware-observe     -
opengl               ubuntu-frame:opengl            :opengl               -
wayland              -                              ubuntu-frame:wayland  -

Refer to Snap interface and Frame snap interfaces documentation for more information.

Wayland extensions

Avoid adding extensions to the ones allowed by add-wayland-extensions, as some of them may allow clients reading the screen contents or input events.

Refer to Frame configuration reference and the wayland-protocols repository for more information.

VNC authentication

If using the VNC snap, It is recommended that you enable password authentication to avoid unauthorized access to the VNC socket on localhost:5900.

Refer to ubuntu-frame-vnc configuration reference for more information.

Last updated 13 days ago. Help improve this document in the forum.