• AnUnusualRelic@lemmy.world
    link
    fedilink
    arrow-up
    258
    arrow-down
    4
    ·
    1 year ago

    It’s not fully sandboxed if it can write to my screen! That filthy app, writing stuff all over the place!

    • tony@lemmy.hoyle.me.uk
      link
      fedilink
      arrow-up
      178
      arrow-down
      12
      ·
      1 year ago

      Or actually do anything useful? No network, no filesystem… it’s a hello world app isn’t it…

      • cheer@lemmy.world
        link
        fedilink
        arrow-up
        124
        ·
        1 year ago

        No filesystem access for a flatpak app just means it cant read host system files on its own, without user permission. You can still give it files or directories of files through the file explorer for the app to work with, just that it’s much safer since it can only otherwise view files in its sandbox.

          • null@slrpnk.net
            link
            fedilink
            arrow-up
            27
            ·
            1 year ago

            As if sandboxes are some brand new concept…

            Of course people want them for some use-cases. No one here is saying that every application in the world should be restricted that way, grandpa.

            • kautau@lemmy.world
              link
              fedilink
              arrow-up
              7
              ·
              1 year ago

              Yeah things like selinux and apparmor have been around for a long time, sandboxing is just an evolution of that

            • grue@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              1 year ago

              No one here is saying that every application in the world should be restricted that way, grandpa.

              Maybe not here in this thread, but aren’t there some folks who want flatpak/snap/appimage to basically replace traditional package managers?

              • null@slrpnk.net
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                Doesn’t make it a prevailing attitude worthy of whatever nonsense that other guy is spouting.

              • Chewy@discuss.tchncs.de
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                […] aren’t there some folks who want flatpak/snap/appimage to basically replace traditional package managers?

                There might be people who think that, but that isn’t realistic. Flatpak is a package manager for user facing apps, mostly gui apps.

                The core system apps will still be installed by a system package manager. I.e rpm-ostree on immutable Fedora or transactional-update/zypper on OpenSUSE MicroOS.

                Snap can do system apps and user facing apps and fully snap-based Ubuntu might come in the future.

                But this won’t force people to use them. Traditional package managers will keep existing for system apps and maintainers will proabably keep their gui packages in the repos.

      • IverCoder@lemm.eeOP
        link
        fedilink
        English
        arrow-up
        24
        ·
        1 year ago

        There’s Obfuscate, an image redactor, and Metadata Cleaner which is self-descriptive. Both works properly without any filesystem access at all, because they use the file picker portal to ask the user for the files to be processed.

    • Empricorn@feddit.nl
      link
      fedilink
      English
      arrow-up
      42
      arrow-down
      5
      ·
      1 year ago

      Oh come on, what modern program actually needs to communicate or access the file system?

    • IverCoder@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      24
      ·
      1 year ago

      The app can then declare the network permission and it will still be marked as safe.

  • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
    link
    fedilink
    arrow-up
    36
    arrow-down
    1
    ·
    1 year ago

    This kind of thing could work for a few apps, say a color picker utility or a QR code generator etc.

    Looking at the docs, it isn’t clear if apps can write to their own namespace (instead of writing to user folders directly), but if they can, we could expand the scope to games like supertuxkart, 2048 etc, which would then be able to save user milestones and progress in their own area - a bit like how Android apps do it

    https://docs.flatpak.org/en/latest/sandbox-permissions.html

    It’s a great start IMO, although admittedly there is still work to do. Flatpak atm bridges the gap with allowing new apps, requiring new libs, to run on older stable/LTS distros

    • themoonisacheese@sh.itjust.works
      link
      fedilink
      arrow-up
      22
      arrow-down
      1
      ·
      1 year ago

      Yes, they can. There are app-specific folders in .local that flatpaks can read and write to specifically for this purpose, and also the file picking dialog may give access to the one specific file you picked.

      Android IMO has great usability in exposing a database to apps, which means they aren’t required to ship their own database engine.

      • andruid@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Get a database, data que and service mesh and we can have an advanced k8s style platform.

    • IverCoder@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      27
      ·
      edit-2
      1 year ago

      With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission would of course may be needed but it would still be marked as Safe by Flathub).

      You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.

      You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.

      Heck, even TeamViewer can be as this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that’s still safe.

  • kuneho@lemmy.world
    link
    fedilink
    arrow-up
    30
    arrow-down
    3
    ·
    1 year ago

    this sandbox craze is slowly pushing things back to the point where we used cartridges and booted off from them straight to the program. who needs an OS at this point? it’s bundled with the app anyway 😆

    /s, somewhat

  • soulfirethewolf@lemdro.id
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    2
    ·
    1 year ago

    It’s nice to see good app security being praised. Sometimes it feels like some people on lemmy (and the fediverse) throw security to the wind.

    Like one time I had heard someone over on Mastodon say that they thought that HTTPS was too overused and shouldn’t have been everywhere because it makes older apps unable to access sites and also made adblocking just ever so slightly harder.

    Which yeah, I love adblockers, but I’m definitely not comfortable with all traffic having to go unencrypted just for it.

    • IverCoder@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      35
      arrow-down
      2
      ·
      edit-2
      1 year ago

      As well as FOSS too. Sandboxing is a security standard that should be followed by every software how open their code may be.

    • IverCoder@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.

      • owsei@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        I agree with you

        however this program can’t even create files, although I may have misunderstood it

        how are you supposed to save your work?

    • IverCoder@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      17
      arrow-down
      1
      ·
      edit-2
      1 year ago

      An app should not be able to access stuff the user did not consent to letting access.

        • IverCoder@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.

        • SuperIce@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 year ago

          Even if I trust the app, it may have security bugs. Still better to have it sandboxed.

        • IverCoder@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.

    • Luccus@feddit.de
      link
      fedilink
      arrow-up
      62
      arrow-down
      3
      ·
      edit-2
      1 year ago

      Linux users (sometimes):

      sees an extremely user-friendly interface - so good that everyone and their grandma can use it perfectly right away without any explanation

      “Ugh, why doesn’t this look more complicated?”

      Edit: This was in response to someone commenting “Why does it look like toddler UI?”. The comment seems to be deleted now.

      • 1984@lemmy.today
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        Haha so true, and I say this as a Linux user for like 20 years. There are some Linux users who value functionality over form so much that they prefer cluttered user interfaces with tiny borders to maximize screen space.

        • Spotlight7573@lemmy.world
          link
          fedilink
          arrow-up
          19
          arrow-down
          5
          ·
          1 year ago

          And that’s a bad thing?

          The desktop is finally catching up with the more restrictive permissions model where an app doesn’t just have the ability to do anything the user can do but instead only has access to what it needs.

          Going with a familiar interface style like the ones people already use on mobile just makes sense.

          What would you want it to look like instead?

          • Rustmilian@lemmy.world
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            edit-2
            1 year ago

            I’m not a fan of all the blank space in their design language, it doesn’t look bad or anything but I don’t have a touch screen and having to move the mouse around so much for long periods of time physically hurts, especially on laptops.
            I wish it was more… desktop friendly… If they took more advantage of the dynamic layout capabilities of GTK4 to have a better desktop layout based on their already existing design language while still having this mobile esk layout for other devices, we’d be golden.
            If they don’t want to do that, they should at least increase the default mouse speed so it feels better out of the box.