Flatpak 1.6.1 Released Due To Security Issue - Special Case Of Getting Access Outside Home

Written by Michael Larabel in GNOME on 23 January 2020 at 08:10 AM EST.
Flatpak 1.6 was an exciting update for this Linux application sandboxing/distribution tech in that it started laying the foundation to support a paid app store, but elsewhere in the code-base a security issue came about.

Red Hat developer and Flatpak leader Alexander Larsson described this new security issue, which comes down to apps being able, in certain circumstances, to access files outside of the home directory. He explained, "This is a (mild) security update. Flatpak 1.6.0 added the ability for an application to request it to be updated, as long as the new version doesn't require new permissions. Unfortunately in some special cases, if an app had access to the home directory, but not the rest of the filesystem it would still allow a self-update where the new version could access some files outside the home directory."

Flatpak 1.6.1 also adds a new permission for accessing the host /dev/shm as needed by JACK, a crash fix, and various other fixes. More details on GitHub.