this post was submitted on 21 Jan 2024
30 points (76.8% liked)
Linux
48040 readers
1358 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What's the reasoning behind your question?
Every graphical app of course unless there's an issue with packaging or any other problem.
I just wanted to know. For example: tumbleweed comes with firefox, do people uninstall it and reinstall it in a flatpak? The question comes from curiosity.
Yes. I removed Firefox and installed the flatpak version because it's a little more secure.
EDIT: it might not actually be more secure, but it doesn't appear to be less secure based on how I read the information in the replies.
Is that due to flatpak sandboxing?
Edit: it’s interesting, this repo is saying the opposite, https://github.com/trytomakeyouprivate/Recommended-Flatpak-Apps/blob/main/Apps/Browsers.md
Edit 2: since folks are asking further details are linked in the article. Keep in mind I am not personally making these claims, I am in learn mode just like a lot of other folks.
From https://seirdy.one/notes/2022/06/12/flatpak-and-web-browsers/:
Huh, that is very interesting
I am not so sure this really establishes that Firefox in a Flatpak is less secure. From the linked bug:
It might be more accurate to say that some per process isolation features don't work because flatpak uses them to isolate Firefox from the rest of the system. This could make it easier to smuggle data between processes in Firefox. It reads like a trade off to me and the impact depends on your security model -- whether you value interprocess isolation more than isolation between the app and the system.
Either way, interesting find! I didn't know some of Firefox's sandboxing is precluded by the Flatpak sandboxing. I edited my comment to dispell the claim that it's more secure.
Yeah as they said it’s complicated, but in an unintuitive way more sandbox of apps can lead to apps being less effective at sandboxing themselves. Which, like you said, can be good bad or neutral depending on your threat model.
Personally I am leaning towards not using browser in Flatpaks since I trust the browser to sandbox itself. Not the position I started from initially where I would have assumed more sandboxing is a uniformly good thing.
Much respect for the discussion. I learned things.
This resource makes a claim but presents nothing to back it up. I would like to learn more.
The details are in this link https://seirdy.one/notes/2022/06/12/flatpak-and-web-browsers/
This is not true. Also this is shepherding to a false definition of security.
You should probably read the included details if you haven’t and address those points directly. I’d love to know what is wrong about the problems they have described.
Did you think I was referring to your post? Because otherwise I don't understand what you are aiming at.
How so?