Hacker News new | ask | show | jobs
by swalladge 1895 days ago
They actually do have sandboxing which would help. I'm not sure of the full extent though. See:

- https://snapcraft.io/docs/security-sandboxing

- https://docs.flatpak.org/en/latest/sandbox-permissions.html

However, in my (limited) experience, apps that actually do a lot of things have most of the sandbox features disabled anyway (network, disk access, etc.).

Note that AppImage is similar, but contains no sandboxing.

I've taken to running steam and other untrusted software under a separate user account. It's probably not ideal, and it's annoying to switch accounts to use certain software. But at least it may help limit the damage if the software is hacked as everything is contained within the throwaway account.

I'm sure one can do a lot better with selinux/apparmor/firejail, but it would probably take a lot of work to get it set up properly.
2 comments
_rdvw 1895 days ago
While most Flatpaks by default aren't all tuned up, you can easily set overrides for them, see `man flatpak-override`. There also exist `Flatseal` which is a GUI for doing so.

AppImage can be used with Firejail.

Firejail use is trivial to setup, we try to keep out of box breakage minimal but still strict, just `sudo apt install firejail && sudo firecfg` + a logout and back in. Disclosure: I am one of the core Firejail contributors.

link
swalladge 1895 days ago
Thank you for firejail! I use it to sandbox Zoom, which is one of the few proprietary tools I need to use for work, and it works perfectly.
link
antpls 1895 days ago
Telling people "just use flatpak and you are safe" is plain wrong and dangerous.

Containers are _not_ safe, that's why Amazon created firecracker, and Google created gVisor.

Containers are a _convenience_, not a security measure. All security precautions apply to container apps as any other apps.

link
MayeulC 1894 days ago
Flatpaks aren't docker containers, though. They should be safer. The most glaring hole in most flatpak is X11 access.

There have been some flatpak CVEs in the past, but I wonder what your claim of them not being secure is based on, other than general principles: yes, there could be a bug in the sandbox, but besides that?

link