this post was submitted on 06 Nov 2023

486 points (94.5% liked)

Linux

48031 readers

1225 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

486

If only more Linux programs followed sandboxing best practices... (i.imgur.com)

submitted 1 year ago by IverCoder@lemm.ee to c/linux@lemmy.ml

66 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] AnUnusualRelic@lemmy.world 232 points 1 year ago (2 children)

It's not fully sandboxed if it can write to my screen! That filthy app, writing stuff all over the place!

[–] gentooer@programming.dev 36 points 1 year ago

Haskell programmers when you tell them the main function isn't pure

[–] BautAufWasEuchAufbaut@lemmy.blahaj.zone 14 points 1 year ago

That's why we have Wayland. :)

[–] Strit@lemmy.linuxuserspace.show 130 points 1 year ago (5 children)

What if your app actually needs access to the internet?

[–] tony@lemmy.hoyle.me.uk 151 points 1 year ago (4 children)

Or actually do anything useful? No network, no filesystem.. it's a hello world app isn't it..

[–] cheerjoy@lemmy.world 114 points 1 year ago (9 children)

No filesystem access for a flatpak app just means it cant read host system files on its own, without user permission. You can still give it files or directories of files through the file explorer for the app to work with, just that it's much safer since it can only otherwise view files in its sandbox.

[–] ian@lemmy.sdf.org 4 points 1 year ago (2 children)

Which is fine for some apps, try that with an IDE.

[–] FooBarrington@lemmy.world 15 points 1 year ago

Why does an IDE need unfettered access to my whole FS? Access to the project directory, and maybe the runtime directory, have to be enough.

[–] Disregard3145@lemmy.world 7 points 1 year ago

To be fair, the title says more apps, not all apps..

load more comments (8 replies)

[–] snowfalldreamland@lemmy.ml 37 points 1 year ago* (last edited 1 year ago)

There are portals: https://docs.flatpak.org/en/latest/desktop-integration.html#portals . they allow secure access to many features. Also any flatpak app still has access to a private app-specific filesystem, just not to the host.

Doesn't work for all applications but for many sand boxing is possible without a loss of features.

[–] IverCoder@lemm.ee 21 points 1 year ago

There's Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both works properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.

[–] Pantherina@feddit.de 19 points 1 year ago

Portal.

[–] Empricorn@feddit.nl 31 points 1 year ago (1 children)

Oh come on, what modern program actually needs to communicate or access the file system?

[–] Theoriginalthon@lemmy.world 43 points 1 year ago (1 children)

Exactly all programs should be web based cloud subscription only. We don't want that filthy code on our rgb nvme drives

[–] taladar@sh.itjust.works 7 points 1 year ago

Wouldn't want the gaping security hole open that is hypnotizing the user via RGB control.

[–] QuazarOmega@lemy.lol 24 points 1 year ago (1 children)

Download the internet along with it!

[–] 1984@lemmy.today 6 points 1 year ago* (last edited 1 year ago)

I remember in 1995-ish or something when I used the internet for the first time using the Netscape browser.... And I was asking a friend if he had tried all the web sites yet. Just got a weird look back.... :) I didn't know what the internet was back then at first.

[–] IverCoder@lemm.ee 18 points 1 year ago

The app can then declare the network permission and it will still be marked as safe.

load more comments (1 replies)

[–] darth_tiktaalik@lemmy.ml 119 points 1 year ago (2 children)

I like how the app name is blacked out so as not to dox the flathub app.

[–] Helmic@hexbear.net 35 points 1 year ago

Wouldn't want bad actors to find privacy respecting software.

[–] radioactiveradio@lemm.ee 30 points 1 year ago

Sanboxed from prying eyes, it's completely safe.

[–] Spectacle8011@lemmy.comfysnug.space 54 points 1 year ago (3 children)

What really needs to happen:

Flatpak packages should ask for every permission they need, and the user needs to approve every one of them.

Right now, we have this weird in-between state where some flatpak packages ship with limited permissions (like Bottles). That's because every permission the package asks for is immediately granted. The user doesn't get a chance to refuse these requests. This current model serves to make life more difficult for non-malicious flatpak packagers while failing to protect users from malicious packages.

Also, GNOME needs a Flatpak permissions center like KDE. You shouldn't need to install a third party program to manage permissions.

[–] miss_brainfart@lemmy.ml 14 points 1 year ago (4 children)

Absolutely, permissions should be disabled by default, and only when the app needs to do something that requires a certain permission should it ask for it.

Maybe even do something like Android, where permissions automatically get revoked if you don't use an app for a certain time. I love that feature.

load more comments (4 replies)

[–] anon5621@lemmy.ml 3 points 1 year ago (1 children)

Situation actually even worse https://madaidans-insecurities.github.io/linux.html#flatpak

load more comments (1 replies)

[–] Gentoo1337@sh.itjust.works 44 points 1 year ago (2 children)

Why is it censored lol

[–] IverCoder@lemm.ee 39 points 1 year ago

It's actually Dippi but I don't want to look like I'm advertising it here

[–] bingbong@lemmy.dbzer0.com 8 points 1 year ago

!peepee !< is safe

[–] Blackmist@feddit.uk 30 points 1 year ago (1 children)

Likes like Hello World is ready to ship.

[–] IverCoder@lemm.ee 23 points 1 year ago* (last edited 1 year ago) (1 children)

With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission would of course may be needed but it would still be marked as Safe by Flathub).

You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.

You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.

Heck, even TeamViewer can be as this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that's still safe.

[–] areyouevenreal@lemm.ee 3 points 1 year ago (1 children)

Does all of this require flatpack specific APIs?

[–] Markaos@lemmy.one 7 points 1 year ago (5 children)

Yes in the sense that the APIs were made because of flatpak, but not in the sense that devs would need to keep two separate code paths for flatpak vs non-flatpak - portals work everywhere.

load more comments (5 replies)

[–] soulfirethewolf@lemdro.id 20 points 1 year ago (1 children)

It's nice to see good app security being praised. Sometimes it feels like some people on lemmy (and the fediverse) throw security to the wind.

Like one time I had heard someone over on Mastodon say that they thought that HTTPS was too overused and shouldn't have been everywhere because it makes older apps unable to access sites and also made adblocking just ever so slightly harder.

Which yeah, I love adblockers, but I'm definitely not comfortable with all traffic having to go unencrypted just for it.

load more comments (1 replies)

[–] Drito@sh.itjust.works 16 points 1 year ago (1 children)

This is useful for proprietary software.

[–] IverCoder@lemm.ee 27 points 1 year ago* (last edited 1 year ago)

As well as FOSS too. Sandboxing is a security standard that should be followed by every software how open their code may be.

[–] bizdelnick@lemmy.ml 11 points 1 year ago (1 children)

What is this? A solitaire game?

[–] IverCoder@lemm.ee 8 points 1 year ago* (last edited 1 year ago) (2 children)

This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.

load more comments (2 replies)

[–] MonkderZweite@feddit.ch 4 points 1 year ago (1 children)

Does it have to be sandboxed?

[–] IverCoder@lemm.ee 13 points 1 year ago* (last edited 1 year ago) (7 children)

An app should not be able to access stuff the user did not consent to letting access.

load more comments (7 replies)

load more comments