undefined | Better HN

0 pointsseabass-labrax2y ago0 comments

You're describing Red Hat! After spending multiple years helping with the development of Flatpak, which is a sandboxed environment with file pickers just like you describe, they recently announced[1] that they would no longer be contributing to LibreOffice in Fedora and instead will be contributing to a Flatpak version instead.

Personally, I am not so sure about Flathub (the 'official' repository for Flatpak bundles), but Flatpak itself is a welcome (and large) step towards universal sandboxing for desktop applications.

[1]: https://www.spinics.net/lists/fedora-devel/msg312784.html

0 comments

2 comments · 1 top-level

nextaccountic2y ago· 1 in thread

That's interesting. So is Flatpak actually secure against malicious code? That is, would you trust running malware if it's packaged as Flatpak?

I'm saying this because we're talking through a platform that is trusted by the majority of pepple to run malware - the web browser. We don't manually check if the Javascript or Wasm code is good or bad before we visit a web page. Few people disable scripts altogether. We could have this level of trust in applications running on our system - but does Flatpak deliver it?

seabass-labraxOP2y ago

I wouldn't say that Flatpak is secure against specifically designed malware - applications can still run machine code directly on the CPU and make Linux system calls, and so could exploit any vulnerabilities (like privilege escalation) that they might have. However, I would certainly trust Flatpak to protect me against excessively snooping applications which are otherwise legitimate, which it can do by limiting access to specific filesystems or devices.

For JavaScript, web browsers have good sandboxing, but arguably also have a smaller attack surface than Flatpak because the page cannot run system calls directly. I don't yet know enough about WASM to know if that tangibly changes the situation.