@Nouvanity both of us agreed during the discussion that #xserver is dated and wasn't designed with #security in mind. #wayland is a completely different story, and gaining adoption - #ubuntu defaulting to #gnome on Wayland for example. I think #kde is on its way there too.

The bigger discussion left me wondering if I was missing anything. I think the common attack surfaces for most users are:
- social engineering
- bad browser plugins
- browser compromises
- Trojans
Nothing #linux-specific.

@Nouvanity speaking of #security, I find #dbus secret service a bit concerning.

Any desktop app can talk to the secret service and view passwords in unlocked wallets.

Some basic searching indicated other OSes might be doing similar stuff, but I never dug too deep. Thoughts?

@thegreybeardofthetree @Nouvanity Fundamentally, desktops have in the past implicitly trusted anything running as the user to access anything the user can. An application you run can read anything your user can; it can write a hook into ~/.bash_profile to exfiltrate everything you run, and so on. This applies to Linux, but also to Windows & macOS.

With the rise of mobile platforms, this started to shift - on mobile platforms code is assumed to have no ability to access anything without explicitly asking for it. This application sandboxing got back-propagated into the desktop world as the Windows Store, the Mac App Store, and Snap & Flatpak on the Linux desktop.

If you don't trust an application, you have to be using one of those technologies; without that sort of sandboxing there's no meaningful security boundary.

@RAOF @Nouvanity agreed!

The person I was having my discussion with claimed flatpak was easily hackable (i.e. breaking out of the sandbox) in my earlier discussion today. I asked them to provide specific data (still waiting for them to circle back).

I've been under the impression #flatseal lets you tighten permissions further, and it is fairly secure, unless of course you give the flatpak access to your entire filesystem/home directory.

Any real vulnerabilities I'm not aware of?

@thegreybeardofthetree @Nouvanity So, anything that allows access to X11 is trivially broken - your code can start an Xterm and inject key events to do whatever.

That out of the way, the underlying security mechanisms for Flatpak and Snap are broadly the same - namespaces and such - but my understanding is that Flatpak allows ad-hoc exceptions in a way that Snap does not - if there's not a Snap interface that does what you need, you can't do it, but you might with Flatpak. This is obviously not an unalloyed good.
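The X11 point above and the secret-service concern raised earlier in the thread both come down to what a sandboxed app has actually been granted. The following is an added example, not code from anyone in this thread: a small Python audit over Flatpak's keyfile layout, where `[Context]` lists `sockets` and `filesystems` and `[Session Bus Policy]` lists the D-Bus names the app may reach (`org.freedesktop.secrets` being the secret service). Per-app overrides, which is what Flatseal writes, use the same layout, with a leading `!` revoking a grant. The sample metadata and override texts are constructed for the demonstration and do not describe any real application.

```python
"""Audit a Flatpak app's effective sandbox permissions from keyfile text.

Added example; the SAMPLE_* strings below are constructed, not taken from
any real Flatpak. The keyfile layout follows Flatpak's [Context] and
[Session Bus Policy] sections; override files use the same sections, and
an entry prefixed with '!' revokes a grant from the app's own metadata.
"""
import configparser

# Grants a defender should look at, and why.
RISKY_SOCKETS = {
    "x11": "X11 socket: any X11 client can inject input into other windows",
    "fallback-x11": "X11 socket when no Wayland session is available; "
                    "on an X11 desktop this is a full X11 grant",
    "session-bus": "unfiltered session bus: reaches every D-Bus service",
    "system-bus": "unfiltered system bus",
}
RISKY_FILESYSTEMS = {
    "host": "entire host filesystem",
    "home": "entire home directory (shell profiles, SSH keys, ...)",
}
RISKY_BUS_NAMES = {
    "org.freedesktop.secrets": "Secret Service: reads secrets from unlocked wallets",
}

SAMPLE_METADATA = """\
[Application]
name=com.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.secrets=talk
"""

# A tightened override, as a tool like Flatseal would write it.
SAMPLE_OVERRIDE = """\
[Context]
sockets=!x11;
filesystems=!home;xdg-documents;

[Session Bus Policy]
org.freedesktop.secrets=none
"""


def _parse(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # D-Bus names are case-sensitive; keep them as-is
    parser.read_string(text)
    return parser


def _split(value):
    """Flatpak keyfile lists are ';'-separated and end with a trailing ';'."""
    return [item for item in value.split(";") if item]


def _merge(base, override):
    """Apply override entries: 'item' grants, '!item' revokes.

    Filesystem entries may carry a ':ro'/':rw'/':create' suffix, so grants
    are keyed on the part before ':'.
    """
    granted = {item.split(":")[0]: item for item in base}
    for item in override:
        if item.startswith("!"):
            granted.pop(item[1:].split(":")[0], None)
        else:
            granted[item.split(":")[0]] = item
    return sorted(granted.values())


def effective_context(metadata_text, override_text=""):
    """Return (context lists, session-bus policy) after applying overrides."""
    meta, over = _parse(metadata_text), _parse(override_text)
    ctx = {}
    for key in ("shared", "sockets", "devices", "filesystems"):
        ctx[key] = _merge(_split(meta.get("Context", key, fallback="")),
                          _split(over.get("Context", key, fallback="")))
    policy = {}
    for parser in (meta, over):  # override entries win
        if parser.has_section("Session Bus Policy"):
            policy.update(parser.items("Session Bus Policy"))
    return ctx, policy


def audit(metadata_text, override_text=""):
    """List human-readable findings for the risky grants that remain."""
    ctx, policy = effective_context(metadata_text, override_text)
    findings = []
    for sock in ctx["sockets"]:
        if sock in RISKY_SOCKETS:
            findings.append(f"sockets={sock}: {RISKY_SOCKETS[sock]}")
    for fs in ctx["filesystems"]:
        name = fs.split(":")[0]
        if name in RISKY_FILESYSTEMS:
            findings.append(f"filesystems={fs}: {RISKY_FILESYSTEMS[name]}")
    for name, access in policy.items():
        # D-Bus policy levels are none < see < talk < own
        if access in ("talk", "own") and name in RISKY_BUS_NAMES:
            findings.append(f"{name}={access}: {RISKY_BUS_NAMES[name]}")
    return findings


if __name__ == "__main__":
    print("as shipped:", *audit(SAMPLE_METADATA), sep="\n  ")
    print("with override:", audit(SAMPLE_METADATA, SAMPLE_OVERRIDE))
```

Run against the constructed metadata alone, the audit reports three findings (the X11 socket, the whole home directory, and `talk` access to the secret service); with the override applied it reports none. On a real system the same text comes from the app's metadata file and from the per-app override file under the Flatpak overrides directory, and note that `wayland` staying granted while `x11` is revoked is exactly the configuration the thread treats as insulated from the X11 problem.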

@RAOF @Nouvanity interesting #flatpak vs #snap functionality I wasn't aware of, thanks.

The xserver 'backdoor' I was treating as an xserver issue, rather than a flatpak one - Wayland flatpaks would be insulated from that.

The 'ad-hoc functionality' seems worth reading up on though!

@RAOF @Nouvanity thank you for the color on the mobile platforms mainstreaming sandboxing, and the subsequent Windows Store/Snap/Flatpak emphasis... I hadn't paid attention to that sequence.