xhorak / firefox-devedition-flatpak

Flatpak manifest and patches to build Firefox
https://firefox-flatpak.mojefedora.cz/

Remove filesystem=home access #101

Closed rugk closed 6 years ago

rugk commented 6 years ago

https://github.com/xhorak/firefox-devedition-flatpak/blob/fc44f888e15f6a70dcfad8ca6517a75062398a00/org.mozilla.FirefoxNightly/org.mozilla.FirefoxNightly.json#L20-L21

Seeing https://github.com/xhorak/firefox-devedition-flatpak/issues/33 has been fixed in Firefox 62, I see no more reason to allow Firefox to access the home dir (at least not writable).

BTW also the comment in this JSON is not really clear and contradicts the code.

This would fix a big "loophole" in the flatpak sandbox:

Almost all popular applications on flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more), this effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.

https://flatkill.org/

Alternatively, if you can, you may also limit it to ~/Downloads only. As far as I see this is the only place Firefox needs to access.
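As an added example (not the project's manifest and not code from anyone in this thread), a small Python check that scans a Flatpak manifest's `finish-args` for the broad permissions named in the quoted flatkill.org passage (`filesystem=home`, `filesystem=host`, `device=all`) and proposes the Downloads-only scope suggested above; the sample manifest is constructed.

```python
import json

# Constructed sample manifest fragment standing in for a Flatpak manifest;
# it is not the project's real org.mozilla.FirefoxNightly.json.
SAMPLE_MANIFEST = json.dumps({
    "app-id": "org.example.Browser",
    "finish-args": [
        "--share=network",
        "--socket=wayland",
        "--filesystem=home:rw",
        "--filesystem=xdg-run/pipewire-0:ro",
        "--device=all",
    ],
})

# Filesystem scopes that expose the whole home directory (or the whole host).
BROAD_FILESYSTEMS = {"home", "host"}
# Narrow replacement the issue proposes: the XDG Downloads folder only.
NARROW_FILESYSTEM = "--filesystem=xdg-download"


def audit_finish_args(manifest_json):
    """Return (arg, reason, suggestion) for each overly broad finish-arg."""
    manifest = json.loads(manifest_json)
    findings = []
    for arg in manifest.get("finish-args", []):
        if arg.startswith("--filesystem="):
            path, _, mode = arg[len("--filesystem="):].partition(":")
            if path not in BROAD_FILESYSTEMS:
                continue
            # Flatpak treats a missing mode as read-write; only ':ro' is read-only,
            # so 'home' and 'home:rw' both let the app edit files such as ~/.bashrc.
            if mode == "ro":
                reason = "read access to the whole %s directory" % path
            else:
                reason = "write access to %s (e.g. ~/.bashrc)" % path
            findings.append((arg, reason, NARROW_FILESYSTEM))
        elif arg == "--device=all":
            findings.append((arg, "access to every device node", "--device=dri"))
    return findings


if __name__ == "__main__":
    for arg, reason, suggestion in audit_finish_args(SAMPLE_MANIFEST):
        print("%-28s %-45s consider %s" % (arg, reason, suggestion))
```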

xhorak commented 6 years ago

Thanks for the report.

The --filesystem=home:rw is actually commented, so it is not in effect. Before https://bugzilla.mozilla.org/show_bug.cgi?id=1490186 landed, you weren't able to open host files in the Nightly flatpak. I'll remove the misleading comment and the commented filesystem parameter.

xhorak commented 6 years ago

Fixed in 78e6736e1aa4d0de2821b78bd37912ff854bc897