Even on Gnome, a single dbus call allows applications outside of
sandboxes to overwrite their permissions in the portal permission
store. A sandbox that is supported by portals for identifying apps is
also required: otherwise, a malicious app could trivially spoof a name
on the bus. Currently, only Flatpak and Snap are subclasses of the
XdpAppInfo class, required for xdg-desktop-portal to be able to
identify a client.
Privileged Wayland protocols are also not an issue. KDE's kwin requires
that applications have an entry in a system-installed desktop file[1],
meaning that random crap can't simply capture the screen, and Flatpak
supports the security-context-v1 protocol, which is used to filter
access to these privileged protocols[2].
An example of the dbus call for Gnome:
dbus-send --session --print-reply=literal --dest=org.freedesktop.impl.portal.PermissionStore /org/freedesktop/impl/portal/PermissionStore org.freedesktop.impl.portal.PermissionStore.SetPermission string:'screenshot' boolean:true string:'screenshot' string:'' array:string:'yes'
[1] https://github.com/KDE/kwin/blob/master/src/wayland_server.cpp#L129-L134
[2] f0e626a4b6
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Nathan Gray <dngray@privacyguides.org>
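A defender-side companion to the call above, added here and not part of the commit: it lists who currently holds 'screenshot' permission in the portal permission store and flags the empty app ID, which is the entry an unsandboxed host app ends up recording because it has no portal identity. The sample reply is constructed, and its exact layout is an assumption based on how dbus-send prints dict and array replies.

```shell
# Added audit helper (not from the commit): list 'screenshot' permission
# holders and flag the empty app ID, i.e. an app the portal cannot identify.

# Constructed sample of a `dbus-send --print-reply` reply to
# PermissionStore.Lookup("screenshot", "screenshot"); layout is an assumption.
SAMPLE_REPLY='method return time=1.0 sender=:1.5 -> destination=:1.9 serial=3 reply_serial=2
   array [
      dict entry(
         string "org.gnome.Screenshot"
         array [
            string "yes"
         ]
      )
      dict entry(
         string ""
         array [
            string "yes"
         ]
      )
   ]
   variant       string ""'

# Read one Lookup reply on stdin; print "app=<id> perms=<p1,p2>" per entry.
# The empty app ID is printed as <unsandboxed> so it stands out in a review.
parse_permission_reply() {
    awk '
        /dict entry\(/ { in_entry = 1; have_app = 0; app = ""; perms = ""; next }
        in_entry && /^ *string "/ {
            s = $0; sub(/^ *string "/, "", s); sub(/"$/, "", s)
            if (!have_app) { app = s; have_app = 1 }    # first string: app ID
            else perms = (perms == "" ? s : perms "," s) # rest: permissions
            next
        }
        in_entry && /^ *\)/ {
            if (app == "") app = "<unsandboxed>"
            print "app=" app " perms=" perms
            in_entry = 0
        }
    '
}

# Live query against the running session bus (needs xdg-desktop-portal).
query_screenshot_permissions() {
    dbus-send --session --print-reply \
        --dest=org.freedesktop.impl.portal.PermissionStore \
        /org/freedesktop/impl/portal/PermissionStore \
        org.freedesktop.impl.portal.PermissionStore.Lookup \
        string:'screenshot' string:'screenshot' | parse_permission_reply
}
```

Run `query_screenshot_permissions` on a desktop session to see the live table; any `<unsandboxed>` line is a permission granted to something the portal could not identify.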
It seems like both distributions in the current 'immutable distributions' category are moving beyond the immutable branding.
Fedora:
> Thirdly, this nice branding term is also a more accurate way of talking about how rpm-ostree works. Fedora Atomic spins are not actually immutable. There are ways to get around the read-only aspects of the implementation even though it is much harder. The nature of the OS, where updates are only implemented when they successfully build and you can rollback or rebase between core host systems, is better described by atomicity than immutability. Atomic is also how many of the contributors who work on rpm-ostree prefer to talk about it! Rebranding provides an opportunity to change the language surrounding this technology.
Nix:
> NixOS also provides atomic updates;
(Directly from Privacy Guides)
It's a minor change, but I feel it'd be helpful for the community to be utilizing consistent terminology for different technologies being utilized.
Co-authored-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>