permission override - does it defeat the purpose of sandboxing?
Ryan
rymg19 at gmail.com
Wed Mar 4 21:58:22 UTC 2020
If a hacker gains elevated permissions, could they not proceed to
run...whatever they want as root? If they can gain full root access, all
bets are off outside of things like SELinux.
Also maybe I'm misunderstanding, but if the only way to access the system
is through your app, then the user would be unable to modify the
permissions overrides anyway, no?
On Wed, Mar 4, 2020, 3:18 PM Winnie Poon <winniepoon_home at hotmail.com>
wrote:
> > Can you give a real world example where you worry about the user's
> > ability to weaken the sandbox?
>
> From the perspective of a legitimate user of the system the approach
> you mention makes sense: The user can decide to trust a flatpak app
> and, at runtime, give it additional privileges to access their system
> as in your photos example, or they can choose not limit it to just the
> access that the author requested, or if they really don't trust it she/he
> can remove access/devices altogether.
>
> However from the perspective of the application (or rather application
> developer)
> who may not trust the environment in which the app will run this is a
> problem.
> We want to make sure that if a hacker gains access to a system on
> which our app is installed, that they cannot run our app with elevated
> access/privilege that would give them the opportunity to snoop data or
> intercept messages.
>
> To give some more background, we plan to run our flatpak app on a fully
> locked down system (almost an embedded system) on which a legitimate
> end user has no access to the OS at all. We boot directly into our app
> and the only way the end user can interact with the system is through
> our app. We will of course take as many precautions as possible to prevent
> unauthorized access, but if a hacker does break in we want the sandboxed
> flatpak application to provide an extra layer of defense that will prevent
> the legitimate user's data and activity from being exposed. However if the
> hacker can run our app with elevated access this protection is lost.
>
> Regards,
> Winnie
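Added example, not part of the original thread and not Flatpak's own code: on a locked-down system like the one described above, a defender can audit Flatpak override files for entries that widen the sandbox beyond what the app ships with. The sample override and the bus name `org.example.Agent` are constructed for illustration, and the check covers only the `[Context]` and bus policy groups.

```python
"""Flag entries in a Flatpak override keyfile that grant extra access."""
import configparser

# Overrides are keyfiles stored per app ID, typically under
# /var/lib/flatpak/overrides/ (system) and ~/.local/share/flatpak/overrides/ (user).
# In [Context], an entry grants access unless it is prefixed with "!".
GRANT_KEYS = ("shared", "sockets", "devices", "filesystems", "features")
BUS_GROUPS = ("Session Bus Policy", "System Bus Policy")

# Constructed sample input, not taken from a real system.
SAMPLE_OVERRIDE = """\
[Context]
filesystems=home;!xdg-download;
devices=all;
sockets=!x11;

[Session Bus Policy]
org.example.Agent=talk
"""


def widening_entries(override_text):
    """Return (key_or_group, entry) pairs that add access to the sandbox."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.optionxform = str  # keyfile keys and bus names are case-sensitive
    parser.read_string(override_text)
    found = []
    if parser.has_section("Context"):
        for key in GRANT_KEYS:
            raw = parser.get("Context", key, fallback="")
            for entry in (e.strip() for e in raw.split(";")):
                # "!" entries take access away, so they are not findings.
                if entry and not entry.startswith("!"):
                    found.append((key, entry))
    for group in BUS_GROUPS:
        if parser.has_section(group):
            for name, policy in parser.items(group):
                # Any policy other than "none" lets the app reach that bus name.
                if policy.strip() != "none":
                    found.append((group, f"{name}={policy.strip()}"))
    return found


if __name__ == "__main__":
    for key, entry in widening_entries(SAMPLE_OVERRIDE):
        print(f"widens sandbox: [{key}] {entry}")
```

On an appliance where no overrides are expected, the presence of any override file for the app is itself worth alerting on, before looking at its contents.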