What attacks does IPE stop?

Posted May 24, 2025 0:17 UTC (Sat) by DemiMarie (subscriber, #164188)
In reply to: OCI is an antiquated format, not fit for modern security requirements by bluca
Parent article: The future of Flatpak

What kinds of attacks does IPE really stop? The ones I can think of all fall into the “you’ve already lost” case. If an attacker has arbitrary filesystem read/write, they’ve won. The problem is that they were able to get such access in the first place.

If you are that concerned about security, you would be vastly better off running each container as an entire virtual machine. That protects against kernel vulnerabilities, which are far, far, far more important and devastating. The security of this approach is far better than any solution based in a shared kernel, because VM escapes are so much less common than kernel exploits. Qubes OS, Spectrum, Edera, and OpenXT all use this approach.

What attacks does IPE stop?

Posted May 29, 2025 0:32 UTC (Thu) by bluca (subscriber, #118303) [Link]

> The ones I can think of all fall into the “you’ve already lost” case.

There is no such case. This is the kind of mindset that needs to be left behind if Linux ever hopes to catch up with the competition on these aspects. The most important question to ask after a security boundary has been put in place is: "what happens _when_ it gets breached?"