It blocks the normal use of the browser’s namespace-layer sandbox due to its seccomp filter, so they are right. Flatpak-spawn is not the same and browsers being patched to use it do not get the same sandbox.
Let’s have a look at how it is in reality:
Firefox completely drops its namespace-layer sandbox in the Flatpak version ending up with worse security
Google does not provide a Flatpak version at all for security reasons
Some Flatpak maintainers provide builds of Chromium-based browsers with a modified browser sandbox. But this is not the same as the original sandboxing structure of Chromium at all and not vetted by Chromium’s/Google’s security experts. It does not provide the same security as a non-Flatpak installation.
You are talking about zypak here. And what it does is patching the browser to call flatpak-spawn, which calls bubblewrap (which, on distros that do support namespaces (i.e. the vast majority of them, including Fedora), is utilising user namespaces). User namespace requirements · flatpak/flatpak Wiki · GitHub
Except bubblewrap by default utilises user namespaces.
You can read here what Firefox upstream have to say about this.
I explicitly linked a Firefox developer stating that user namespaces are not a necessary part of the sandbox (and that if it was desired, flatpak-spawn could be used for this). Patched Chromium with zypak is also essentially the same thing.
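Whether a seccomp filter is in effect and whether a process can still create an unprivileged user namespace (the facility bubblewrap relies on) can be checked directly from inside the environment in question. The script below is an added example for that check; it is not from the thread, Flatpak or zypak. It reads the `Seccomp:` field of `/proc/self/status`, tries `unshare --user true`, and notes the presence of `/.flatpak-info`, which Flatpak places in its sandboxes; the sample status text used for the parser is constructed.

```shell
#!/bin/sh
# Probe: is this process under a seccomp filter, and can it still create an
# unprivileged user namespace? Run it on the host, then inside a Flatpak
# (flatpak run --command=sh <app-id>) and compare. Added example, not project code.

# Extract the Seccomp mode (0 = disabled, 1 = strict, 2 = filter) from
# /proc/<pid>/status-style text supplied on stdin; "unknown" if absent.
seccomp_mode_from_status() {
    awk -F'\t' '$1 == "Seccomp:" { print $2; found = 1 }
                END { if (!found) print "unknown" }'
}

# Human-readable name for a Seccomp mode number.
describe_seccomp() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "strict" ;;
        2) echo "filter" ;;
        *) echo "unknown" ;;
    esac
}

# "yes" if unshare(1) can create a user namespace here, "no" if the kernel
# (seccomp filter, sysctl, or missing privilege) refuses, "untestable" if
# unshare(1) is not installed.
userns_available() {
    command -v unshare >/dev/null 2>&1 || { echo "untestable"; return 0; }
    if unshare --user true 2>/dev/null; then echo "yes"; else echo "no"; fi
}

# Print the three observations for the current process.
probe_sandbox() {
    if [ -r /proc/self/status ]; then
        mode=$(seccomp_mode_from_status < /proc/self/status)
    else
        mode=unknown   # not Linux, or /proc hidden
    fi
    echo "seccomp mode:    $mode ($(describe_seccomp "$mode"))"
    echo "user namespaces: $(userns_available)"
    # /.flatpak-info is created by Flatpak inside its sandbox.
    if [ -f /.flatpak-info ]; then
        echo "environment:     inside a Flatpak sandbox"
    else
        echo "environment:     not a Flatpak sandbox"
    fi
    return 0
}

probe_sandbox
```

A host shell typically reports `seccomp mode: 0` and `user namespaces: yes`; inside a Flatpak the expected reading is mode 2 with the namespace test returning `no`, which is exactly the difference the thread is arguing about. Run `flatpak run --command=sh` against the browser's own app id rather than a generic runtime so the browser's actual sandbox permissions are what gets measured.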
No, it’s not. Did you even try to check it yourself?
It’s an important defense-in-depth layer of the sandbox. Better listen to independent security researchers. Just look at the security mess of FF on Android and you know what I am talking about.
Can you calm down your language? Thanks. And yes, I did actually spend some time on verifying my words.
Important thing to consider is that “security researcher” is kinda like “journalist”. There are actual security researchers, but there are also bloggers who didn’t undergo formal education on the topic. And sadly I feel like Privacy Guides is mostly composed of bloggers. Which obviously isn’t an insult, mind you. And between bloggers and actual software engineers, I think I prefer to listen to software engineers.
What I’ve found so far is not very conclusive. Mostly based on “flatpak blocks user namespaces therefore breaks the sandbox”. It’s true that the Flatpak versions of Chromium browsers use a different sandbox mechanism & it does not receive the same security audits. But I’ve not yet found a proof of concept which actually demonstrates that the alternative implementation is insecure or even less secure (which the developer claims it’s not).
Lemme ask you a different question: why is SELinux (or AppArmor) needed? Because they provide another layer of protection. The same goes for flatpaks and snaps. It’s yet another fence malware has to jump through. Basically every competing OS (excluding other FLOSS OSes, mostly because they’re behind Linux) provides better security mechanisms than we do. And that is a problem.
Linux *has* malware and our protection against it is laughable. Every year Linux gets more and more users, making it a more and more tasty target for hackers to attack.
As far as I know, there hasn’t been an instance of malware that has only compromised the Flatpak sandbox, so whether it is better or not is based on your own personal risk aptitude.
Chrome’s sandbox & Linux user namespaces aren’t either. And that’s just a general flatpak security bug that was fixed.
I’m specifically asking about Chromium’s alternative sandbox in flatpak which people claim is degraded. But as I said, I haven’t found the exact technical reasons yet (apart from user namespaces being blocked, which doesn’t seem to matter because it’s a different implementation).
Browsing. Which means downloading and automatically running tons of JavaScript and wasm code from all sorts of websites. Even if you stick to supposedly non-dodgy sites, big, trusted companies get hacked all the time, so that could potentially include adjusting the JavaScript to deliver malware to people who visit their site. And lots of people still read blogs from random places. Or play web games. Or visit the website of a local club, shop, all sorts of things. Or download extensions (which I guess are treated similarly to websites?). And of course straight up phishing happens to people all the time, and there have been plenty of pretty convincing ones that could catch almost anyone.
Absolutely. And for the paranoid, NoScript can stop the JS in its tracks.