6 Jul
2022
6 Jul
'22
11:52
On 7/6/22 13:22, Dennis Knorr wrote:
I also do not want kcalc or gedit or khelpcenter have access to ~/.ssh or ~/.config/osc. and it's surprisingly often that such niche applications are used for lateral movement/exploitation.
I have a real hard time understanding this line of thinking. Do you trust /bin/ls ? vim ? should they also be sandboxed ? At some point you have to trust your system, whether it is about the closed source BIOS and firmware blobs, kernel, packagers, OBS, ...