
GNOME 46 puts Flatpaks front and center


Posted Mar 28, 2024 4:56 UTC (Thu) by ejona86 (subscriber, #43349)
In reply to: GNOME 46 puts Flatpaks front and center by Cyberax
Parent article: GNOME 46 puts Flatpaks front and center

I was interested in the sandboxing, but at present it still seems more like security theater. A substantial number of the permissions allow trivial escape from the sandbox and some permissions that allow escape or access to sensitive data aren't displayed to the user. The user is not given the proper information to accept an app's permissions when installing, and upgrades can add permissions pretty easily. The only thing the sandbox legitimately comes close to handling is reducing impact of vulnerable apps (e.g., "opening a malicious Office file"), but app permissions are so leaky, it is of questionable practical value today.

I dug into it earlier this month and recorded my findings in two blog posts.
https://ejona.ersoft.org/archive/2024/03/03/flatpak-perm-...

I do look forward to Pipewire webcam support to avoid --device=all, in that it is a step in the right direction and it will let some classes of apps have a useful sandbox. But overall the file handling clearly is not working, and thus there's really no sandbox except for outliers.



GNOME 46 puts Flatpaks front and center

Posted Mar 28, 2024 23:16 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

Yes, Flatpaks are not particularly secure right now. However, they are a good practice to guide developers towards containerized applications that can't read random directories. It also protects against accidental "rm -Rf ~/ .cache" typos.

GNOME 46 puts Flatpaks front and center

Posted Mar 29, 2024 10:57 UTC (Fri) by intelfx (subscriber, #130118) [Link] (1 responses)

> I was interested in the sandboxing, but at present it still seems more like security theater.

For better or worse, the free software ecosystem can't afford a "flag day". There is, by definition, no one who can place (and enforce!) such a demand on the entire ecosystem.

As such, it evolves in the only way it can: iteratively. What you call security theater is simply an iteration.

GNOME 46 puts Flatpaks front and center

Posted Mar 29, 2024 14:19 UTC (Fri) by ejona86 (subscriber, #43349) [Link]

In my post I mention the benefit of allowing applications to add restrictions as they adapt to the sandbox. But don't show that to the user. The theater is mostly the UI in how permissions are displayed (or not!) and upgraded. Only a highly technical user can determine if the permissions are safe (and can't do it from the UI), and who knows the state after an upgrade. You can't trust the sandbox; you can only trust the publisher and reviewer.
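An added example, not part of the thread and not Flatpak project code: a check for the upgrade concern raised above, which diffs the permissions in two versions of an app's metadata keyfile (the text printed by `flatpak info --show-metadata`) and lists newly added grants with broad ones first. Assumptions: apart from `devices=all`, which the thread names, the set of grants treated as broad is this example's own choice, and the two metadata samples are constructed.

```python
import configparser

# Assumed policy: devices=all is named in the thread, the rest is this example's choice.
BROAD = {"devices": {"all"}, "filesystems": {"host", "home"}, "sockets": {"x11"}}
BROAD_BUS = {"org.freedesktop.Flatpak"}

# Constructed metadata for a made-up app, before and after an upgrade.
OLD_METADATA = """[Context]
shared=ipc;
sockets=wayland;
filesystems=xdg-download;
"""
NEW_METADATA = """[Context]
shared=ipc;network;
sockets=wayland;
devices=all;
filesystems=xdg-download;home:ro;
[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

def parse_permissions(text):
    """Return the (kind, value) grants found in a Flatpak metadata keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # D-Bus names are case-sensitive
    cp.read_string(text)
    grants = set()
    for section in ("Context", "Session Bus Policy", "System Bus Policy"):
        for key, raw in (cp.items(section) if cp.has_section(section) else []):
            if section == "Context":  # semicolon-separated list per key
                grants.update((key, v.strip()) for v in raw.split(";") if v.strip())
            else:  # one "bus.name=access" line per grant
                grants.add((section, f"{key}={raw}"))
    return grants

def is_broad(grant):
    kind, value = grant
    if kind.endswith("Bus Policy"):
        name, _, access = value.partition("=")
        return name in BROAD_BUS and access in ("talk", "own")
    return value.split(":")[0] in BROAD.get(kind, set())  # drop :ro/:rw suffix

def review_upgrade(old_text, new_text):
    """Grants the new version adds, broad ones first."""
    added = parse_permissions(new_text) - parse_permissions(old_text)
    return sorted(added, key=lambda g: (not is_broad(g), g))

if __name__ == "__main__":
    for grant in review_upgrade(OLD_METADATA, NEW_METADATA):
        print("BROAD" if is_broad(grant) else "     ", *grant)
```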

