this post was submitted on 29 Oct 2023
-5 points (46.5% liked)
Privacy
32165 readers
121 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
First thing I read and it's not even true.
You can absolutely have more narrow permissions
For example, by default, Firefox only has read/write access to xdg-download and mpv only has read access to host and write access to xdg-pictures (to save screenshots). Discord by default only has read access to xdg-videos and xdg-pictures and write access to xdg-download.
I'm not even going to waste time reading the rest...
Even if a flatpak app has full access to host, they can't read the private data of other flatpak apps (~/.var).
As far as I know, the only possible way to escape the sandbox is to use
flatpak-spawn --host
and add--talk-name=org.freedesktop.Flatpak
but I only ever seen that on apps like vscode.Imo, the point of flatpak's sandbox is to give an extra layer of protection in case of security vulnerabilities. Permissions exist so apps can still work as they're supposed to. It's not a virtual machine isolated from the rest of the system where you can or should install malware.
Besides, the manifest is public and needs to be approved to be on the default repository.
This is a true statement? As long as they are not rewritten partly to use portals, many especially big applications need that.
You're correct, but just like you said, many applications need that.
If I install LibreOffice on Windows or Android, it'll also have access to all my files. I really don't see how that makes Linux more insecure.
Sure, ideally it would use portals, I just don't like the attitude of the blog post.
Addressing concerns or areas for improvement, and suggesting users solutions like installing Flatseal, would be far more constructive. Even better would be submitting pull requests to enhance security themselves, since they seem to know so much about it. Instead, they're just spreading FUD and complaining about small problems or nonsensical arguments like Windows adopting rust. Since when Rust is more used on Windows than Linux?
For instance, the blog post mentions Xorg's security concerns but overlooks mentioning Xorg's alternative Wayland, the default in most distributions when using KDE Plasma or Gnome, which are also the most used.
If security is so important, there are distros like Qubes OS, but most users don't need that level of paranoia, specially if it ruins workflow, performance and productivity
Yes agree on that. Linux needs more standardization.
It is big problem, because it lacks the structure somehow. If there is easy tooling for app development, as Flatpaks with all the modern security practices (safe language, portals, modern GUI, Wayland, Accessibility APIs) then developers could easily follow these rules and create good apps more easily.
Currently app development is not easy and thus also very random.
Yes, you can have more narrow permissions, and the examples you listed are all valid and examples of apps with sensible permissions.
But since app developers can choose their apps permissions on their own, many apps have broad permissions like the access to the entire filesystem.
Some examples listed in the post:
GIMP, Gedit, VLC, Libreoffice, Audacity, VSCode, Dropbox and Skype
All of these have either the
filesystem=home
orfilesystem=host
permission, giving the app acess to basically everything and compromising security.Flatpaks can have more narrow permissions but aren't required to have narrow permissions. The post's statement that many applications have broad permissions remains true.