this post was submitted on 07 Jul 2024
99 points (93.8% liked)

Linux

47923 readers
1099 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

should i be worried installing these two? what does it mean though?

(these are captured from Pop! OS software manager)

you are viewing a single comment's thread
view the rest of the comments
[–] Max_P@lemmy.max-p.me 80 points 3 months ago (1 children)

Flatseal: well that's normal, it can't control Flatpak's access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.

For Xournal: it's probably because it doesn't support portals or whatever, so it can't use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.

In both cases, it just means its permissions model is more like regular applications you'd get from your package manager. If you install Xournal with apt/dnf/pacman it also won't be sandboxed.

The point of sandboxing is you can run applications you don't trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser's own data. The lack of sandboxing doesn't inherently imply the app is evil or will hack you. It just means it doesn't have the extra protection around it. So like, probably don't open sketchy PDFs in it, but I wouldn't stop using the app solely because it lacks sandboxing.

[–] rotopenguin@infosec.pub 3 points 3 months ago

I think the problem with xournal is that it cannot ask a file portal to give it access to two related files at once. "I want to let the user pick foo.pdf.xournal, and also give me access to foo.pdf". So the next best thing is to give it the "access any damned file" permission, and let Xournal grab whatever it wants. You get the same problem with video players - you could take away their permission to open-any-file, but then they won't be able to pick up a related subtitle file.