On Thu, 16 Jun 2016 15:44:11 -0400, you wrote:
> On 06/16/2016 03:09 PM, Alexander Larsson wrote:
> > You seem to think about a different "security" than what flatpak
> > provides. Say you run a game, packaged by fedora. It's nicely packaged
> > and reviewed, so you're not running unreviewed, unsigned scripts as
> > root to install it. This is traditional "unix security".
> >
> > However, if the game talks to the network and has a bug, it can still
> > easily be attacked and the resulting pwned process has full access to
> > your ssh keys, your email containing private info, your gpg agent, etc,
> > etc.
> I get that, but as I said, RPM can have sandboxing too, and so far it
> looks like the main vulnerability vector is unpatched software. Flatpak
> wouldn't have helped with heartbleed, and the right remediation for it
> was rapid patching---which was hampered by all the bundled SSL libraries
> even without many containers in the mix.
> I do see the utility of containers, and realize that properly curated
> containers can be patched as well as native packages. It's just that I
> am concerned that they will diffuse responsibility for patching so much
> that effectively curation will fail.
To me though you are talking about an ideal world where everything is
properly packaged into rpms and everybody deals with security issues
promptly.
There is a lot of evidence however that we aren't living in such an
ideal world, and as a result there is a lot of software installed
outside of rpms that rarely gets updated.
How much of this self installed software would get updated when the
next vulnerability is found (or for that matter, how much self
installed software still has old bundled SSL exposing systems)?
So while Snap / Flatpak / Docker may mean 50 different copies of a
library need to be fixed, the fact that those packagers (presumably
being as responsible as existing rpm maintainers) actually release new
fixed versions might actually mean systems will be far more secure
than currently.
Is it perfect? No. In fact I think the biggest problem with Flatpak
is that it is restricted to GUI apps, which might make Snap more
attractive to end users. But it is a step in the right direction to
solving an existing problem and making systems more secure.