• uis@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Finally, I don’t think a mispackaged app is supposed to be able to break out of the application sandbox, unless some bug is exploited.

    At least one of mentioned formats(AppImage) is regular executable. There is no need to break out of sandboxing when maintainer didn’t put it in sandbox in the first place.

    Anyway, mainline distros have selinux or apparmor profiles. Sanboxing exists outside of three yet another “universal” package formats.

    But most people can change the default permission, and only grant permissions that makes sense.

    You mean people who package or end users?