"Security" I'm literally using my camera in Firefox right now. It even asked me nicely... this is as unreliable as I expect security features to be, really. #Linux #Gnome
That's because your Firefox does not go through the sandbox portal, but instead it accesses the camera device directly. The panel in the system settings can only show applications that ask the system.
@ebassi Cheese also doesn't show up, I was using the flatpak version. Although that tool didn't work at all until I gave it extensive privileges through Flatseal, so it might circumvent detection too.
I hope all of this only happens because I'm on Arch, on a more simple enduser distro this would be catastrophic design.
Cheese does not use the camera portal either, that's why it needs extensive permissions.
"Catastrophic" is kind of overstating the issue: it's been like that for the past 20 years, and app developers are slowly migrating their projects to sandbox-aware portal API. Of course, things get better when more people contribute.
@ebassi It might be a little bit overstated given most people who use Linux know what they're doing. However it's hard to explain something like this to new, "normal" users who just want their system to work and who wish to feel safe. That's always the view I'm taking when arguing how good something is.
I mean: is it better to not show anything for the applications that *do* go through the portal, thus removing the ability to revoke permissions? Or show a list with a warning that no application has asked the system for permission—thus making it clear that some app is using direct access?
Of course, when installing an app you'll see its permissions, so theoretically you're already making an informed choice.
@ebassi Of course I see your point and there's no question devs need time to adapt. Still, obvious inconsistencies (especially in regards to security) are what - for lack of better words - convince boomers they should buy a "proper" device like a MacBook instead of something that respects their rights. Wouldn't it theoretically be possible to implement a kernel module (not by the Gnome team, obviously) that mitigates permission problems due to lack of xdg (?) support? Just a thought.
I'd like to point out that even on macOS, when Apple enabled sandboxing, not everything went through it by default. The main difference is that in the Apple ecosystem, they can enforce a "sandboxed by default" position, whereas we really can't do that on Linux. Advantages of having a single-vendor environment.
As for a kernel module: no, that's not really how things work. The kernel exposes a device, and apps with enough permissions access it. Negotiation happens in user space.
@ebassi I see, that's unfortunate. Well, let's hope the problem is solved before too many "normies" users can complain about it. The amount of users (of Linux) is seemingly rising after all.
Anyway, thank you for developing Gnome. Love to use it.