this post was submitted on 06 Nov 2023
486 points (94.5% liked)
Linux
48208 readers
790 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What really needs to happen:
Flatpak packages should ask for every permission they need, and the user needs to approve every one of them.
Right now, we have this weird in-between state where some flatpak packages ship with limited permissions (like Bottles). That's because every permission the package asks for is immediately granted. The user doesn't get a chance to refuse these requests. This current model serves to make life more difficult for non-malicious flatpak packagers while failing to protect users from malicious packages.
Also, GNOME needs a Flatpak permissions center like KDE. You shouldn't need to install a third party program to manage permissions.
Situation actually even worse https://madaidans-insecurities.github.io/linux.html#flatpak
I don't doubt it, but this is a good place to start.
This claim has interesting phrasing:
If you look at the GNOME post, you'll see they haven't argued against including a nested X server at all:
I'm not saying they haven't refused to acknowledge this elsewhere, but it's strange to point to this blog post which acknowledges that the sandbox is very much a work-in-progress and agrees with Madaidan that X11 is hard to secure.
Does Xpra provide better sandboxing than XWayland? If not, I think the Flatpak developer's solution to this is: just use Wayland. And obviously, there's plenty of room to improve with the permissions Flatpak does offer.
I did some searching on the Flatpak Github for issues and found that you can actually use Xpra with Flatpak, and the answer is "just use Wayland":
This is also concerning:
Source: https://privsec.dev/posts/linux/desktop-linux-hardening/#flatpak
It's great that GNOME Software notifies you when permissions change! I don't use Flatpak enough to know, but I hope
flatpak update
notifies you too if you don't use the-y
option.