Dropbox’s Project Infinite needs kernel access: could be a security problem?
On the surface, Dropbox’s Project Infinite sounds great, but there are security risks?
From Dropbox Tech Blog:
Project Infinite is designed to enable you to access all of the content in your Dropbox — no matter how small the hard disk on your machine or how much stuff you have in your Dropbox. Today, we’d like to tell you more — from a technical perspective — about what this evolution means for the Dropbox desktop client.
Traditionally, Dropbox operated entirely in user space as a program just like any other on your machine. With Dropbox Infinite, we’re going deeper: into the kernel — the core of the operating system. With Project Infinite, Dropbox is evolving from a process that passively watches what happens on your local disk to one that actively plays a role in your filesystem. We have invested the better part of two years making all the pieces fit together seamlessly. This post is a glimpse into our journey.
On the surface, Dropbox’s Project Infinite sounds great: the feature will give you access to everything in your account without having to store them on your computer, saving a lot of space, especially if you’re using an SSD with a limited capacity.
However, the kernel is the most important part of an OS, and some security researcher thinks that it’s a security risk to have Dropbox sitting in it:
— Tim Weber (@scy) May 25, 2016
@josephfcox disgustingly insecure software with highest possible privileges examining all your files? Seems safe.
— Bobby 'Tables (@info_dox) May 25, 2016
Dropbox’s response to the controversy come directly with an update of the same post:
We wanted to address some comments about Project Infinite and the kernel. It’s important to understand that many pieces of everyday software load components in the kernel, from simple device drivers for your mouse to highly complex anti-virus programs. We approach the kernel with extreme caution and respect. Because the kernel connects applications to the physical memory, CPU, and external devices, any bug introduced to the kernel can adversely affect the whole machine. We’ve been running this kernel extension internally at Dropbox for almost a year and have battle-tested its stability and integrity.
File systems exist in the kernel, so if you are going to extend the file system itself, you need to interface with the kernel. In order to innovate on the user’s experience of the file system, as we are with Project Infinite, we need to catch file operation events on Dropbox files before other applications try to act on those files. After careful design and consideration, we concluded that this kernel extension is the smallest and therefore most secure surface through which we can deliverProject Infinite. By focusing exclusively on Dropbox file actions in the kernel, we can ensure the best combination of privacy and usability.
We understand the concerns around this type of implementation, and our solution takes into consideration the security and stability of our users’ experience, while providing what we believe will be a really useful feature.
So, my question is: is really necessary to access the kernel to achieve the “Infinite” feature?
It’s possible enable this functionality with a userspace technology?