When Flatpak's Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal
Introduction
Flatpak promises a secure runtime for Linux applications through container-like isolation, relying on bubblewrap namespaces, syscall filtering, and portal interfaces. In theory, each app should operate inside a strong sandbox, disconnected from the host system.
But if a malicious install replaces that directory with a symlink pointing to sensitive host folders (e.g. ~/.ssh), the sandbox mount entry follows it into the real filesystem, giving the app unintended access to files outside its namespaced area.
Developers, repository maintainers, and users alike must stay alert, applying patches promptly, reducing permission scope, and improving tooling, to safeguard Flatpak’s promise of application isolation in real-world use.