this post was submitted on 01 Aug 2024
481 points (97.1% liked)

Technology

59605 readers
3366 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] rottingleaf 0 points 3 months ago (1 children)

It pretty much does, yes.

It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)

... Or Nix/Guix, or any per-user approach to package installation, or AppImages.

Anyway, I'm not against them completely. For distributing some user applications, and maybe proprietary stuff, they are fine.

And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to rely that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).

We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.

I don’t know, I’m not a security expert. But it is a problem, and a massive one.

This problem seems inherent to anything Turing-complete.

[–] TheGrandNagus 1 points 3 months ago (1 children)

Nix is not simple, and it always seems to fuck up. AppImages have zero security advantages, they're awful. It doesn't even have sandboxing.

We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.

Lmao. Not only would that not even be effective, but that's also a ludicrous suggestion for the average user to do for every app they install. What an absurd suggestion.

Why are you so against having a secure system?

[–] rottingleaf 1 points 3 months ago

but that’s also a ludicrous suggestion for the average user to do for every app they install

I dunno what you're on, I'm talking about the PM doing this.

Why are you so against having a secure system?

I'm against believing in the concept of actually having a secure system.