by shiryel 717 days ago
Fortunately, tools to fix this issue on Linux exist, like Bubblewrap and Dbus-Proxy, but they require custom configuration per software, so almost no distro uses them directly. But we do have Flatpak, which basically uses both of these tools under the hood. Unfortunately, it also has its own "limitations", like the number of packages and some weird behavior in some packages.

I'm trying to solve this issue by using both of these tools with NixOS [1], where I can choose how much security I want for each package, like limiting the files that they can access and/or the entire dbus (practically simulating Flatpak). I mostly use it on proprietary software, like games, as they have a history with RCEs...

In the end, security is a tradeoff with convenience.

[1] - https://github.com/shiryel/nixjail
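
The per-application configuration the comment refers to, sketched as an added example (not the commenter's code and not taken from nixjail): it builds a `bwrap` command line that exposes one writable data directory and a filtered session bus from `xdg-dbus-proxy`, then audits which host paths end up read-write. The function names, paths and the FHS directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Paths, the app command and function names are hypothetical;
# system dirs assume an FHS distro (on NixOS you would bind /nix/store instead).

# Print the xdg-dbus-proxy argv, one argument per line.
# $1 upstream bus address, $2 proxy socket path, rest: bus names the app may talk to.
dbus_proxy_args() {
    bus=$1; sock=$2; shift 2
    printf '%s\n' xdg-dbus-proxy "$bus" "$sock" --filter
    for name in "$@"; do printf '%s\n' "--talk=$name"; done
}

# Print the bwrap argv, one argument per line.
# $1 host dir that becomes the app's writable home, $2 proxy socket, rest: command.
bwrap_args() {
    data_dir=$1; sock=$2; shift 2
    printf '%s\n' bwrap \
        --unshare-all --die-with-parent --new-session \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --proc /proc --dev /dev --tmpfs /tmp --tmpfs /home \
        --bind "$data_dir" /home/user \
        --ro-bind "$sock" /run/bus \
        --setenv HOME /home/user \
        --setenv DBUS_SESSION_BUS_ADDRESS unix:path=/run/bus \
        -- "$@"
}

# Audit: read a bwrap argv on stdin and list host paths exposed read-write.
writable_binds() {
    prev=
    while IFS= read -r arg; do
        [ "$arg" = "--" ] && break      # the rest is the sandboxed command
        case $prev in
            --bind|--dev-bind) printf '%s\n' "$arg" ;;
        esac
        prev=$arg
    done
}
```

To run an application this way, start the proxy command first, wait for its socket to appear, then execute the `bwrap` command. `--unshare-all` also removes network access, so a program that needs it would require `--share-net` as an explicit relaxation.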