Knowing what to be concerned about in security is a skill, it is possible to overengineer security and put too much effort in non risks.
This reminds me of when a student was concerned about the client leaking the server's ip address.
Not saying that there aren't vulns, but the fix is fixing the bug and using a standard hardening mechanism like selinux or unix users. I strongly doubt that the root issue is the good old filesystem api everyone has been using for decades, it's more likely to be your code bro
croemer•59m ago
Good explanation of the flatpak sandbox escape.
For those allergic to LLM writing: Some sentences read very LLM-like, e.g.:
> The fix wasn’t “change one function” — it was “audit the entire call chain from portal request to bubblewrap execution and replace every path string with an fd.”
TZubiri•1h ago
This reminds me of when a student was concerned about the client leaking the server's ip address.
Not saying that there aren't vulns, but the fix is fixing the bug and using a standard hardening mechanism like selinux or unix users. I strongly doubt that the root issue is the good old filesystem api everyone has been using for decades, it's more likely to be your code bro