jshmrsn 8 minutes ago [-]
Am I missing something, or do this article’s purported vulnerabilities rely on an assumption that an attacker already has enough access to your system that the attacker can modify files which your code is referencing by path? Isn’t this more of an escalation vector than a vulnerability in itself?
I’m trying to understand the practical takeaway.
croemer 2 hours ago [-]
Good explanation of the flatpak sandbox escape.
For those allergic to LLM writing: Some sentences read very LLM-like, e.g.:
> The fix wasn’t “change one function” — it was “audit the entire call chain from portal request to bubblewrap execution and replace every path string with an fd.”
TZubiri 2 hours ago [-]
Knowing what to be concerned about in security is a skill; it is possible to overengineer security and put too much effort into non-risks.
This reminds me of when a student was concerned about the client leaking the server's IP address.
Not saying that there aren't vulns, but the fix is fixing the bug and using a standard hardening mechanism like SELinux or Unix users. I strongly doubt that the root issue is the good old filesystem API everyone has been using for decades; it's more likely to be your code, bro