Conversation

Notices

1. Noam Preil (pixelherodev@fosstodon.org)'s status on Wednesday, 18-May-2022 00:04:34 UTC Noam Preil

   • TheEvilSkeleton :silverblue:

   @TheEvilSkeleton The claim about security is flat out wrong.

   File system access *is* full access.

   If you can write to the file system, you can write a script, mark it executable, and tweak ~/.profile etc to run it on startup. This doesn't even require being able to mark a file executable, because you can simply add e.g. 'python malicious.py' to the end of the login script.

   • Noam Preil (pixelherodev@fosstodon.org)'s status on Wednesday, 18-May-2022 00:04:26 UTC Noam Preil

     in reply to

     • TheEvilSkeleton :silverblue:

     @TheEvilSkeleton Requiring extra steps is *not* increasing security. It's security theater.

     Santa Claes 🇸🇪🇭🇰🎅 likes this.
   • TheEvilSkeleton :silverblue: (theevilskeleton@fosstodon.org)'s status on Wednesday, 18-May-2022 00:04:32 UTC TheEvilSkeleton :silverblue:

     in reply to

     @pixelherodev we can see that this requires some extra steps right? The application cannot interface with the OnlineAccounts framework so it needs some workaround.

     I'm not saying that it protects us from everything, because it clearly doesn't. I even made it clear that those permissions are problematic. The entire point was that it "requires extra steps [...] to gain access to my *other* personal information means that Flatpak can prevent bad actors a little bit with filesystem=host/home."

   • TheEvilSkeleton :silverblue: (theevilskeleton@fosstodon.org)'s status on Wednesday, 18-May-2022 00:04:33 UTC TheEvilSkeleton :silverblue:

     in reply to

     @pixelherodev could you explain how filesystem access can access my Nextcloud information like contacts and notes?

   • Noam Preil (pixelherodev@fosstodon.org)'s status on Wednesday, 18-May-2022 00:04:33 UTC Noam Preil

     in reply to

     • TheEvilSkeleton :silverblue:

     @TheEvilSkeleton More generally: anything that an application outside of flatpak can do, or anything inside of ANY of your "sandboxes" can do, can be done by *EVERY* one of your "sandboxes".

     Heck, the easier option: write a small python script to listen for local text on a TCP port, and add starting it to .profile. In the malicious flatpak, write arbitrary commands to that port if it's open. If it's not, just wait until the next time the user reboots.

   • Noam Preil (pixelherodev@fosstodon.org)'s status on Tuesday, 31-May-2022 06:08:13 UTC Noam Preil

     in reply to

     • TheEvilSkeleton :silverblue:
     • The Avid Horizon

     @theavidhorizon @TheEvilSkeleton Not quite; there are practical options.

     Security is possible. The failure of a single model does not prove otherwise.

     Absolute security is actually quite *trivial*: turn off your computer, and never turn it back on.

     The hard part is getting the functionality *without* the risk. Flatpak errs on the side of greater risk, functionality, and performance. Other models do the opposite.

     My issue is only that people *pretend* flatpak is secure. It's not *meant* to be

     Santa Claes 🇸🇪🇭🇰🎅 likes this.
   • The Avid Horizon (theavidhorizon@fosstodon.org)'s status on Tuesday, 31-May-2022 06:08:18 UTC The Avid Horizon

     in reply to

     • TheEvilSkeleton :silverblue:

     @pixelherodev @TheEvilSkeleton what do we do then? I can't help but feel anything to do with security is security theater.