Our sandboxed apps won't really protect users
Michael Catanzaro
mcatanzaro at gnome.org
Fri Sep 11 16:10:57 UTC 2015
Hi,
On Fri, 2015-09-11 at 11:29 -0400, Daniel J Walsh wrote:
> Sandboxing apps is about protecting your desktop from the app, not
> protecting your app from unsandboxed apps on your desktop.
>
> If we had a sandboxed firefox when a firefox vulnerability happens,
> then my ~/.ssh content is much less at risk. Similarly my financial
> data and other financial data is not at risk.
>
> If we could sandbox the largest GUI Apps like firefox,
> evince/acroread, Libreoffice, games this would be a big step forward
> in securing the desktop, even if some users continue to download apps
> from hackme.com.
Yeah, that's a big flaw in my argument: sandboxed apps are still useful
because they provide benign apps better protection from malicious
input, to complement SELinux.
> Yes although most people have not, or only a few packages.
> Sandboxing apps is about protecting you from bugs in trusted apps,
> not about preventing untrusted apps that you install bypassing
> security.
That's actually what we were hoping to use the sandbox for: to protect the user from malicious apps.
Michael