Fedora opens up to bundling

Posted Oct 22, 2015 9:54 UTC (Thu) by Wol (subscriber, #4433)
In reply to: Fedora opens up to bundling by Cyberax
Parent article: Fedora opens up to bundling

> > (e.g. Libreoffice-like huge suites instead of collections of individual programs cooperating, like in TeX), and this means that one single bug in the almost never used code that imports .mp4 fart sounds to use in Libreoffice presentations would also be enough to access ALL your sikret files.

> Nope. It'll only get access to that presentation and perhaps some recent files.

Cyberax, sometimes you need to "engage brain before opening mouth".

"One bug" == "pwned", and who knows what damage is done :-( If it has LO's permissions, then it can access all of LO's files. (Which for most users, is pretty much everything.)

(Incidentally, LO is not a monolithic blob. Although I'll admit it often feels like it ...)

Cheers,
Wol

Fedora opens up to bundling

Posted Oct 22, 2015 14:32 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

> "One bug" == "pwned", and who knows what damage is done :-( If it has LO's permissions, then it can access all of LO's files. (Which for most users, is pretty much everything.)
That's not true for sandboxed apps on Mac OS X. A document file with an embedded exploit will probably not be able to access even the recently opened documents. It definitely won't be able to modify the LO executable files or even _read_ other user's files.

On Linux, a compromised document can slurp browser's history and secret storage and send it to nice folks in Nigeria.

Now, which model do you trust more?