• someacnt@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    While lots of this is problem of desktops in general, but:

    • Linux applications can access your entire home folder, which likely contains most of your data. It can also access e.g. state of other applications, which can be bad.
    • While flatpak somewhat mitigates the issues, it is half-baked: permissions are granted directly when you install the app, and user has to manually revoke the permission - Needing e.g. FlatSeal for this is insane as well. With Android/iOS, the user only grants permission when needed, which reduces lots of attack surfaces.
      • Doesn’t too many apps want your home folder access by default? If you think about it, it is a huge security issue - you basically have to trust the app to keep your secrets intact.
      • Mic access can be very problematic, esp when it would be enabled by default if app requests it. Although I don’t know to which extent this would be abused.
    • utopiah@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      Linux applications can access your entire home folder

      That’s the default because that’s what most people want, or at least expect.

      You can perfectly start an application within a container or even a dedicated user.

      Nearly nobody does this not because Linux does not permit that, it does, but rather because most people believe (rightfully or not) they do not need this level of separation.

      • someacnt@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        True, but asking user about permission to home folder vs. granting permission by default is huge difference. Also doesn’t flatpak also grant other permissions the app wants as well? Like the Mic permission.