by ragequitta 1065 days ago
Maybe someone with more knowledge than me can explain - flatpaks seem way more secure than anything you would ever install in Windows by a long shot. It's also fairly trivial for me (and I'm by no means a hardcore user) to use a completely immutable version of linux such as Silverblue. The other complaints in these links also seem suspect. If the Linux kernel is insecure due to it being monolithic doesn't that make ChromeOS just as insecure? What about android? What about the "96.3% of the top one million web servers [that] are running Linux"?

Also there's something to be said for security through obscurity. My bet is I could go through my entire junk mail folder opening all attachments on Linux without a problem, but it'd take me less than 10 on windows to be fully owned. If you're careful on Linux aren't you far, far safer than if you're careful on Windows?

2 comments

The first article links to this [1]:

Almost all popular applications on flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more), this effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.

This includes Gimp, VSCode, PyCharm, Octave, Inkscape, Steam, Audacity, VLC, ...

To make matters worse, the users are misled to believe the apps run sandboxed. For all these apps flatpak shows a reassuring "sandbox" icon when installing the app (things do not get much better even when installing in the command line - you need to know flatpak internals to understand the warnings).

[1] https://flatkill.org

I guess I just don't buy it completely. Given that I myself have had a hard time giving permission to Flatpak to access even an unimportant network drive (Flatseal is a godsend for giving/denying permissions in any way you please) while the same app on Windows will happily write anything to C:\Windows\System32, I feel like we're talking about entirely different beasts. But perhaps I'm naive. I also feel like there would be a very large vested interest in making people feel more unsafe in Linux than they do in Windows/MacOS for obvious reasons.

And given that the version of Fedora I use is immutable and even I have a hard time messing with it to the point of pain/exploit with full access to the system (and I've tried for fun in VMs) I feel like a trusted flatpak app I download from a trusted source is going to have a damn near impossible time doing much of anything. While I feel like a simple website hack that serves me a bad .exe could/would cripple every single file it can find on my network on a Windows machine.

You're right. I'm entirely unconvinced by anyone in this thread on that Linux isn't still WAY safer all around.

You can come up with theoretical threats all day that Linux is susceptible to, sure.

But at the end of the day, there is not a single serious cloud company (or just about any tech company that isn't MS) genuinely looking at "we should switch to Windows or MacOS for the backbone of our company." And it's Linux that gets the downstream security that comes with that.

Whole lotta cope in this thread.

Flatpak permissions are very broad by default in most applications. Even if you manually override them by using Flatseal, some permissions like X.org or PulseAudio sockets are very problematic because these legacy protocols are not designed to be secure. Even if you manage to lock down permissions and only use modern apps that support Wayland and Pipewire, the Flatpak sandbox still exposes a lot of kernel attack surface because it blocks very few syscalls. I think they should add something similar to Win32k lockdown (ProcessSystemCallDisablePolicy) on Windows and disable insecure components like io_uring.

As for immutable distros, AFAIK Silverblue and others are immutable in the sense of package management, but there is actually no process to ensure the integrity of the full boot chain because initrd can be trivially modified by the host and is unsigned. There is a UKI (Unified Kernel Image) proposal that will likely be the path going forward (at least on the Red Hat world), but I think it's still years away.

In my opinion, if you want to use Linux desktop securely, just use Qubes.
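The two comments above (the flathub permissions quoted from flatkill.org, and the point that Flatseal overrides still leave X11 and PulseAudio sockets open) both come down to reading an app's `[Context]` permissions and revoking the broad ones. The following is an added example, not code from the thread or from the Flatpak project: it parses a Flatpak metadata keyfile (the same data `flatpak info --show-permissions APP` prints), flags `filesystem=host`/`home`, `device=all`, the legacy sockets and the `org.freedesktop.Flatpak` bus name, and builds the matching `flatpak override --user` command. The app ID `org.example.ImageEditor` and its metadata are constructed for the example; the override flags (`--nofilesystem`, `--nosocket`, `--nodevice`, `--no-talk-name`) are real `flatpak override` options.

```python
"""Audit a Flatpak app's metadata for sandbox-escaping permissions.

Added example (not from the thread or the Flatpak project). Input is the
keyfile that `flatpak info --show-permissions APP` prints; output is a list
of findings plus the `flatpak override --user ...` command that revokes them.
"""
import configparser
from dataclasses import dataclass

# Risk notes are the editor's summary of the thread's points; the override
# flags are real options of `flatpak override`.
FILESYSTEM_RISK = {
    "host": "read/write access to the whole host filesystem",
    "home": "read/write access to $HOME, including shell dotfiles",
}
SOCKET_RISK = {
    "x11": "X11 offers no isolation between clients",
    "fallback-x11": "X11 access whenever Wayland is unavailable",
    "pulseaudio": "PulseAudio socket exposes all audio streams",
    "session-bus": "unfiltered access to the session D-Bus",
    "system-bus": "unfiltered access to the system D-Bus",
}
DEVICE_RISK = {"all": "access to every device node under /dev"}
BUS_RISK = {"org.freedesktop.Flatpak": "talking to this name allows running commands on the host"}


@dataclass
class Finding:
    category: str       # filesystem | socket | device | bus
    value: str          # the raw permission as written in the metadata
    risk: str
    override_flag: str  # flag for `flatpak override` that revokes it


def _split(value: str) -> list:
    """Keyfile lists are ';'-separated and end with a trailing ';'."""
    return [v for v in value.split(";") if v]


def audit_metadata(text: str) -> list:
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(text)
    findings = []
    if cp.has_section("Context"):
        ctx = cp["Context"]
        for fs in _split(ctx.get("filesystems", "")):
            if fs.startswith("!"):      # '!' entries revoke, they add nothing
                continue
            base, _, mode = fs.partition(":")
            if base in FILESYSTEM_RISK and mode != "ro":   # home:ro is far less risky
                findings.append(Finding("filesystem", fs, FILESYSTEM_RISK[base], f"--nofilesystem={base}"))
        for sock in _split(ctx.get("sockets", "")):
            if sock in SOCKET_RISK:
                findings.append(Finding("socket", sock, SOCKET_RISK[sock], f"--nosocket={sock}"))
        for dev in _split(ctx.get("devices", "")):
            if dev in DEVICE_RISK:
                findings.append(Finding("device", dev, DEVICE_RISK[dev], f"--nodevice={dev}"))
    if cp.has_section("Session Bus Policy"):
        for name, policy in cp["Session Bus Policy"].items():
            if name in BUS_RISK and policy in ("talk", "own"):
                findings.append(Finding("bus", f"{name}={policy}", BUS_RISK[name], f"--no-talk-name={name}"))
    return findings


def suggest_override(app_id: str, findings: list) -> str:
    """Per-app, per-user override that revokes every flagged permission."""
    if not findings:
        return ""
    flags = " ".join(f.override_flag for f in findings)
    return f"flatpak override --user {flags} {app_id}"


# Constructed sample: typical of the "filesystem=host + X11 + PulseAudio" apps
# the thread describes. The app ID and runtime are made up for this example.
SAMPLE_BROAD = """\
[Application]
name=org.example.ImageEditor
runtime=org.example.Platform/x86_64/1

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-config/ImageEditor;
"""

# Constructed sample of a tightly scoped app: Wayland only, read-only home.
SAMPLE_TIGHT = """\
[Context]
shared=network;
sockets=wayland;
devices=dri;
filesystems=home:ro;xdg-download;
"""

if __name__ == "__main__":
    for app_id, meta in (("org.example.ImageEditor", SAMPLE_BROAD), ("org.example.Viewer", SAMPLE_TIGHT)):
        found = audit_metadata(meta)
        print(f"{app_id}: {len(found)} risky permission(s)")
        for f in found:
            print(f"  [{f.category}] {f.value}: {f.risk}")
        print("  fix:", suggest_override(app_id, found) or "nothing to revoke")
```

Run it against real apps with `flatpak info --show-permissions APP | python3 audit.py`-style plumbing (read `sys.stdin` instead of the samples). Revoking `x11` only helps for apps that actually support Wayland, which is the caveat the second comment makes: an X11-only app will simply stop starting.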

I fully agree with using Qubes, but I also think for most people in most cases that's akin to putting a bank vault door on the front of your house. I guess the question I would ask is: gun to your head you have a choice between running a random Setup.exe in Windows, a .sh/.deb/.rpm in linux, or a Flatpak. Which one are you choosing? 10/10 times I'm choosing the Flatpak myself. It might not be perfect, but it does seem better than most alternatives everyone uses all day every day.

> for most people in most cases that's akin to putting a bank vault door on the front of your house

If we are talking about a device in which you do banking, shopping, manage sensitive or work data, etc. then I think security should be a priority. For more casual use, I agree Qubes would be overkill.

> Which one are you choosing?

I'd rather execute Setup.exe inside Windows Sandbox or deny UAC prompts, or run a random macOS binary (provided SIP is not disabled), than a Flatpak. To be clear, I think Flatpak is an improvement, I'm glad it exists and I hope it continues evolving. But in my opinion, the Linux desktop still has a long way to go to catch up to Windows and macOS on security.