nevermind root. The apps have unrestricted access to your filesystem under the same privileges as your user -- in other words, they have access to all your personal files and configurations and keys. Who needs root?
> nevermind root. The apps have unrestricted access to your filesystem under the same privileges as your user
Easy to get root anyway, just add an alias to sudo to .bashrc and whenever the user follows an online instruction guide into fixing something they'll get root privileges.
or overwrite LD_PRELOAD for the user
or replace the users desktop files and pretend to be another application (because you can overwrite /usr/share/applications launchers in .local/share/applications)
You can change sudo into an alias that steals your sudo password and then does whatever else.
Not that it makes a huge difference in practice, IMO. The apps most users run (i.e. distro apps) are plenty trusty for normal threat models. Apps that run real untrusted code (web browser) have their own sandboxes. And people with more serious threat models can run qubes or tails or whatever
This is a fair point but orthogonal to the one I was responding to. In any case, a lot of Flatpak's sandbox can be overridden at build time. The sandbox will protect the user against bugs but not as much against a malicious developer.
the sandbox overriden need tobe explaining for the app tobe added to flathub, and yes, they need allow some sandbox breakage until every app support portals, or flathub isn't going to have any app
Not the apps though. The packaging system yes, but whatever scripts run as part of the installation of a package is the package maintainer's responsibility. Not trusting your distro's package maintainers means you don't trust anything on your computer.
As in, any unrestricted process with user privileges on Linux can up to root through vulnerabilities in the kernel or other components. Namespaces, LSMs, and seccomp limit that exposure.