Flatpak browsers not secure?

Came across this on r/Fedora:

Web Browsers: Do not use Flatpak or Flathub for web browsers. While Flatpak is excellent for regular applications, it does not allow Chromium, Chrome, or Firefox to properly sandbox websites. As a result, Flatpak versions of these browsers disable the sandbox feature, making them less secure compared to those installed via DNF.

Stick to web browsers available in the official Fedora repositories to ensure they remain up to date and secure. Specifically, consider using Fedora’s Chromium or Firefox packages. If you need to use Chrome, opt for the RPM version, but try to avoid third-party RPMs whenever possible to maintain a stable system.

Comments from those in the know?

Thanks,
S.

Look into what Zypak is. It’s the sandbox that Chromium/Electron uses.
Flatpak has its own sandboxing but as a result it does disable the browser’s default sandboxing method, which is arguably much more tested and secure to an extent. Chromium and Firefox do not contain the same sandbox methodology by the way.

Personally, I am not too worried about this and feel there are other larger security risks for the average user that should be addressed upstream in the Linux desktop. If you would prefer the Zypak sandboxing that the browser comes with then I recommend installing Chromium in a Distrobox container. I don’t think anything will change and the default will be Flatpak Firefox for the 3 end-user images.

1 Like
  • sandbox websites - What does this mean? Is this “browser level sandbox” or browser separating websites?
  • flatpak is sandboxed - each flatpak is separated from another flatpak application and system

I just see it is supposed to be “less secure”, without any argument. What is the risk? Can you post a web link to the original post? To see if there are any details there.

1 Like

Thanks for the replies… I’m definitely agreeing with you guys.
Here’s the link to the post:
https://www.reddit.com/r/Fedora/comments/1ft3xrh/comment/lps2bhd/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

but no justification given.

Every argument the FunEnvironmental8687 fellow made seems sound and well-reasoned to me. But good luck following best practices if you want a QoL remotely close to the competition. IIRC, Fedora ships with Firefox as part of the system base and it doesn’t include any support for hardware or video acceleration at all. That’s a miserable experience. It might even be necessary to reboot after every browser update under Silverblue and Kinoite? And don’t even get me started on the hoops you have to jump through if you require modern NVIDIA support.

They (Red Hat) are doing the right thing and I am so glad they are fighting the good fight, but IMHO forks going from ublue all the way back to early Mandrake only exist because people have varying levels of risk tolerance and commitment to free software.

“making them less secure compared to those installed via DNF.”

So instead let’s give browsers root access to all of our computers? No thanks.

2 Likes

Cutting off your nose to spite your face. Should people be more concerned about bad actors within Mozilla or threats from the Internet at large?

And it’s not like a program has root access just because it is installed as with DNF. I just… no. I mean, I’ve watched you defend installing a whole bunch of stuff at the base OS level because “you need the bling.” But a random thematic element from a nameless contributor is somehow more trustworthy than Mozilla?

No disrespect meant. And I don’t think anyone is trying to undermine your(?) decision to Flatpak Firefox unlike Silverblue/Kinoite (though if you would like to tell the Fedora guys that they are doing it wrong I would love to read w/ popcorn). Because at the end of the day, we all recognize that you have to give up a little security for almost every bit of convenience. Right? The same author could’ve said that for best security he recommends you do all your installs via USB and never bring your computer online. Or that you get an old-school line printer with continuous-feed paper for “fascist” logging of every command. And he’d certainly be right, but almost nobody is willing to give up the convenience for the extra security.

Both, that’s why we’re moving to a zero trust model. Mozilla provides an official flatpak though so I don’t sweat it when it comes to how it affects my system as much as I would if it was on the host.

It’s not random, we check and choose things based on what we feel is appropriate to add. Can you be more specific? Things like VSCode are a compromise. We know it is, but it’s the best solution that we have right now until we can convince the right people to help fix it properly for everyone.

I don’t need to, who do you think is developing all the technology we’re consuming?

None taken, no worries.

The correct answer is to reconcile the Flatpak and Chromium sandboxes and get the engineers talking. We’ve actively tried to pursue and work to get the right people in the room. I’ve had calls with most of the major players, we’ve tried to chase down old patches to get upstream, and I’ve talked to people who could help fix the problem. The answer is always the same. No one has time to get this work done, empathetic to the problem, lack of resources. The Linux desktop will always be stuck at the bottom of every single engineering list as long as it continues to be a failure in the marketplace.

That’s just the reality of the situation.

I am on my fourth straight year of failing to move the needle on Flatpak/Chromium, I’m sorry that my personal investment into this has not yielded the results you were looking for.

Given the choice of dealing with the failure of the traditional model vs. fixing Flatpaks, I choose to help fix Flatpaks.

7 Likes

Whoa there, Strawman. Did you reply to the wrong person?!?! I’m the guy that just showed up trying to help. I haven’t asked a single thing of anyone because I, myself, don’t like being told how to volunteer my time. The only request I’ve made of you is that you review my attempt to repair crucial documentation pages filled with 404 links, and that just as a courtesy (which was, essentially, met with “I’m not prepared to accept help or contributions.”).

I went out of my way to let you know that nobody was being critical of your(?) choice to flatpak browsers instead of doing what the Fedora guys were doing. All I said was that I agreed with the security concerns of the random redditor (while conceding that security-above-all-else leads to unusable systems) and that I disagreed with your hyperbole about the consequences of installing Firefox as a base package.

I’m sorry if this sentiment doesn’t show sufficient deference and supplication. But that’s not what I’m here for, bra. Peace out.