permission override - does it defeat the purpose of sandboxing?

Muayyad AlSadi alsadi at gmail.com
Thu Mar 5 10:19:16 UTC 2020


we need to understand the parties here

* the app developer
* flatpak
* the user (you)

you as a user get an app that runs inside a sandbox with controlled access
to selected facilities (directories, hardware, portals, ..etc.)
when you install the app, you see those permissions (you should be familiar
with this if you use a smart phone)

it's your machine and your choice as a user
sometimes you might override that to limit an app because you do not trust
the app
or sometimes you expand permissions

for example
here I want to use a filemanager to only manage my documents
"--nofilesystem=host --filesystem=/home/alsadi/Documents"

https://twitter.com/muayyadalsadi/status/870986338111299584

since I did the override, I'm aware of it and I won't put a sensitive file
there.

I don't want to start a holy war but snap portability and sandboxing is a
joke.
1. people were able to impersonate many famous apps and inject bitcoin
mining tools (because snap is not a desktop session, it can install daemons)
2. if it's on snap it does not mean it works everywhere (there are cases of
snaps that work for ubuntu but not mint, despite being a derivative)
3. snap can load custom kernel modules! hello!
On Fri, Feb 28, 2020 at 10:33 PM Winnie Poon <winniepoon_home at hotmail.com>
wrote:

> Hi all,
>
> I must be missing something so please help to clear my confusion.
>
> What's the point of packaging an app as flatpak app with restricted
> permissions, when users can easily open up any permissions by doing :
>
> flatpak run --filesystem=host  ....
>
> or use override to permanently override an app's permissions.
>
> So we package an app in a nice bubble wrap, give it to user and user can
> remove the whole bubble wrap?  or can the user?
>
> For snap, seems like they have something called a "developer mode", does
> flatpak have something like that so a "regular" user cannot easily override
> the permissions?
>
> --------------------------
> Developer mode
> Sometimes it is helpful when developing a snap to not have to worry about the security sandbox in order to
> focus on developing the snap. To support this, snappy allows installing the snap in developer mode
> which puts the security policy in complain mode (where violations against security policy are logged,
> but permitted).
> For example: sudo snap install --devmode <snap>
>
> -------------------------------------------
>
> Thanks for your time again!
>
> Regards,
> Winnie
> _______________________________________________
> Flatpak mailing list
> Flatpak at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/flatpak
>
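To make the override mechanism discussed in this thread concrete, here is an added example (not code from the original posts or from the flatpak project) that applies a user override keyfile on top of an app's metadata and reports which filesystems remain exported. The two keyfiles are constructed samples, and the merge rule (later entries win, `!path` revokes a path) is my reading of how flatpak combines metadata and overrides, stated here as an assumption.

```python
import configparser
from typing import Dict

# Constructed sample: an app's metadata that asks for full host filesystem access
APP_METADATA = """[Application]
name=org.example.FileManager
runtime=org.freedesktop.Platform/x86_64/19.08

[Context]
shared=ipc;
sockets=x11;wayland;
filesystems=host;xdg-download:ro;
"""

# Constructed sample of what `flatpak override --nofilesystem=host
# --filesystem=/home/alsadi/Documents` leaves in the user's override keyfile
# (assumption: this mirrors the on-disk keyfile format)
USER_OVERRIDE = """[Context]
filesystems=!host;/home/alsadi/Documents;
"""


def parse_filesystems(keyfile_text: str) -> Dict[str, str]:
    """Parse the [Context] filesystems= list of a keyfile into path -> mode.
    '!path' means explicitly revoked ('none'), ':ro' read-only, ':create'
    create-if-missing, ':rw' or no suffix read-write."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(keyfile_text)
    raw = cp.get("Context", "filesystems", fallback="")
    result: Dict[str, str] = {}
    for entry in filter(None, raw.split(";")):
        mode = "rw"
        if entry.startswith("!"):
            entry, mode = entry[1:], "none"
        else:
            for suffix in (":ro", ":create", ":rw"):
                if entry.endswith(suffix):
                    entry, mode = entry[: -len(suffix)], suffix[1:]
                    break
        result[entry] = mode
    return result


def effective_filesystems(app_metadata: str, *overrides: str) -> Dict[str, str]:
    """Apply override keyfiles (lowest to highest precedence) on top of the app's
    metadata and return only the paths still exported into the sandbox."""
    merged = parse_filesystems(app_metadata)
    for override in overrides:
        merged.update(parse_filesystems(override))  # assumption: later entries win
    return {path: mode for path, mode in merged.items() if mode != "none"}


if __name__ == "__main__":
    for path, mode in sorted(effective_filesystems(APP_METADATA, USER_OVERRIDE).items()):
        print(f"{path}: {mode}")
```

With the sample override applied, `host` disappears from the exported set while `/home/alsadi/Documents` and the read-only download directory remain, which is the narrowed access the earlier reply describes.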