
Ubuntu Frame Security

This document aims to explain a number of aspects of security in the context of the Ubuntu Frame snap ecosystem (Frame itself, ubuntu-frame-osk and ubuntu-frame-vnc).


Threat model

We ran threat modelling for Mir itself (the display server library underpinning Frame) based on this snap stack, and maintain the resulting documentation here:

https://canonical-mir.readthedocs-hosted.com/stable/explanation/security/

Cryptography

There is no cryptography used in Frame itself or the On-Screen Keyboard snap: neither has a direct dependency on encryption, decryption, hashing or digital signatures.

The VNC snap is built on top of wayvnc, which has cryptographic features (password authentication, transport encryption). These are handled through gnutls as packaged and maintained in Ubuntu. See the remote access documentation for more information.

Hardening

Virtual Terminals

To prevent users from switching between virtual terminals, you can disable VT switching in Ubuntu Frame’s configuration:

Mir version 2.22:

This feature is only available with version *-mir2.22 onward

$ snap set ubuntu-frame config=vt-switching=false

console-conf

Leave console-conf out of your model so that Ubuntu Core does not present a “configure” screen.

getty

To disable login prompts, you can mask the [email protected]. It’s easiest to achieve through cmdline.extra in the gadget snap:

# cmdline.extra
[email protected]

Snap connections

Review the snap connections between snaps on the system and disconnect those not essential to your deployment:

$ snap connections
Interface            Plug                           Slot                  Notes
# ... some examples
content[gpu-2404]    ubuntu-frame:gpu-2404          mesa-2404:gpu-2404    -
hardware-observe     ubuntu-frame:hardware-observe  :hardware-observe     -
opengl               ubuntu-frame:opengl            :opengl               -
wayland              -                              ubuntu-frame:wayland  -

Refer to Snap interface and Frame snap interfaces documentation for more information.
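
One way to automate this review, as an added example that is not part of the Ubuntu Frame documentation: the script compares `snap connections` output against an allowlist and prints every connected plug/slot pair that is not on it. The allowlist, the `example-kiosk` snap and the sample rows beyond those shown above are constructed for illustration.

```shell
#!/bin/sh
# Added example: list snap connections that are not on a deployment allowlist.

# Hypothetical baseline, one "interface plug slot" triple per line.
# Build yours from what the deployment actually needs.
ALLOWED='content[gpu-2404] ubuntu-frame:gpu-2404 mesa-2404:gpu-2404
hardware-observe ubuntu-frame:hardware-observe :hardware-observe
opengl ubuntu-frame:opengl :opengl
wayland example-kiosk:wayland ubuntu-frame:wayland'

# Reads `snap connections` output on stdin; prints each connected
# "interface plug slot" triple that is missing from $ALLOWED.
unexpected_connections() {
    while read -r iface plug slot _notes; do
        case "$iface" in
            Interface|'#'*|'') continue ;;   # header, comments, blank lines
        esac
        # "-" marks a plug or slot with nothing connected to it.
        if [ "$plug" = "-" ] || [ "$slot" = "-" ]; then
            continue
        fi
        # -x and -F: whole-line, literal match (brackets are not a pattern).
        printf '%s\n' "$ALLOWED" | grep -qxF -e "$iface $plug $slot" ||
            printf '%s %s %s\n' "$iface" "$plug" "$slot"
    done
}

# Constructed sample: the rows shown above plus a hypothetical
# "example-kiosk" application snap.
sample_connections() {
    cat <<'EOF'
Interface            Plug                           Slot                  Notes
content[gpu-2404]    ubuntu-frame:gpu-2404          mesa-2404:gpu-2404    -
hardware-observe     ubuntu-frame:hardware-observe  :hardware-observe     -
opengl               ubuntu-frame:opengl            :opengl               -
wayland              -                              ubuntu-frame:wayland  -
wayland              example-kiosk:wayland          ubuntu-frame:wayland  -
camera               example-kiosk:camera           :camera               manual
EOF
}

# On a device: snap connections | unexpected_connections
sample_connections | unexpected_connections
```

After reviewing a reported pair, its plug and slot columns can be passed to `snap disconnect`.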

Wayland extensions

Avoid enabling additional extensions with add-wayland-extensions, as some of them may allow clients to read the screen contents or input events.

Refer to Frame configuration reference and the wayland-protocols repository for more information.

VNC authentication

If using the VNC snap, it is recommended that you enable password authentication to avoid unauthorized access to the VNC socket on localhost:5900.

Refer to ubuntu-frame-vnc configuration reference for more information.
