this post was submitted on 22 Jun 2024
320 points (96.8% liked)

Linux

47952 readers
1181 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Imagine your friend that does not know anything about linux, don't you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?

I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S

I believe this warning could have a less alarming design, saying something like "This app can use elevated permissions. What does this mean?" with the "What does this mean?" text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have "verified" on the app and a red warning saying "Potentially unsafe", the user will think "well, should I trust this or not??"

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 40 points 4 months ago* (last edited 4 months ago) (1 children)

In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.

[–] [email protected] 15 points 4 months ago* (last edited 4 months ago) (1 children)

By not letting the user import/export addon settings, bookmarks?

Btw, i hate the opinion that the dev must babysit his users. It makes software worse, not better, look at Firefox's profille folder for an example. If you have to, make an intro to train them.

[–] [email protected] 12 points 4 months ago (2 children)

I'm not 100% confident but I thought you could use portals to access individual files outside of the sandbox

[–] [email protected] 8 points 4 months ago (2 children)

You could but where is fails is when you open one html file that then needs to loads the other files that are needed by the first.

You can not allow chain loading like this, it would bypass the sandbox.

One way of working around this would to allow the option of passing a whole folder and sub folders to the program.

The other and much harder option would be a per program portal filter that can read the html file. then workout what files that html file needs and offer that list of files to the user.

The lazy work around is allow read access to $HOME and deny access to some files and folders like .ssh

[–] [email protected] 2 points 4 months ago

You can choose folders in the portal now.

[–] [email protected] 1 points 4 months ago (1 children)

Makes sense, but at least this would generally be out of a normal users usage case (multi-file documents), and so the power user could probably just open flatseal.

For things like bookmarks it'd work fine, and by extension make the sandbox more secure

[–] [email protected] 4 points 4 months ago* (last edited 4 months ago)

Makes sense, but at least this would generally be out of a normal users usage case (multi-file documents), and so the power user could probably just open flatseal.

I would not be so sure. Firefox has a "save web page as..." option which saves the html page and all other files needed into a sub folder.

Without better handling of reading and writing files the sandbox will break that builtin function. another way of working around this. would be to change firefox to save the web page into one file. Maybe something a .html+zip file that firefox would know how to open. However that would lock other browsers out without manualy unziping it first.

Getting sandboxing right with powerful programs is very hard and I feel the tooling is still not here yet.

[–] [email protected] 1 points 4 months ago

My bad, i thought that was included in file system access.