
OCI is an antiquated format, not fit for modern security requirements

Posted May 15, 2025 16:32 UTC (Thu) by DemiMarie (subscriber, #164188)
In reply to: OCI is an antiquated format, not fit for modern security requirements by bluca
Parent article: The future of Flatpak

Desktop workloads trust the local filesystem anyway. What you are looking for needs a completely different OS design and is only suitable for Android, ChromeOS, and other heavily locked-down systems.



OCI is an antiquated format, not fit for modern security requirements

Posted May 15, 2025 21:48 UTC (Thu) by bluca (subscriber, #118303)

They don't; sandboxing includes file accesses. As the article mentions, there's a portal for that, and for good reasons.

In fact, desktops are where these are most needed, since for the average user desktop browsers are how malware gets in.

OCI is an antiquated format, not fit for modern security requirements

Posted May 17, 2025 0:15 UTC (Sat) by DemiMarie (subscriber, #164188)

Sandboxing keeps applications from doing stuff they should not do. Someone who can tamper with the sandboxed executables can also tamper with ~/.bashrc and execute arbitrary code outside the sandbox.

OCI is an antiquated format, not fit for modern security requirements

Posted May 17, 2025 11:19 UTC (Sat) by bluca (subscriber, #118303)

Those are more reasons in favour of strong sandboxing and code integrity, not against them.

