Re: Limiting the power of packages
- Date: Thu, 4 Oct 2018 15:43:25 +0800
- From: Paul Wise <pabs@xxxxxxxxxx>
- Subject: Re: Limiting the power of packages
On Thu, Oct 4, 2018 at 3:24 PM Florian Weimer wrote:
> Flatpaks don't work this way. Try installing gedit and open a file
> like ~/.ssh/id_rsa with it. There are no security prompts whatsoever,
> yet the software in a flatpak can read your SSH private key.
AFAIK, the only way a Flatpak can read your SSH private key would be
because you told the file portal that runs outside the Flatpak
container to pass an fd of that file into the Flatpak container for
the app to read.