"Stop Subverting Sandboxes"
with Michael Catanzaro at #GUADEC2025
25 July 
13:40 CEST 
Brescia
Flatpak can protect users—but not if we keep bypassing it. Michael calls for stronger sandboxing, better portals, and shares GNOME’s new security bounty program.
New Open-Source Tool Spotlight 
Microsandbox is a self-hosted platform enabling secure execution of untrusted code. Using microVMs, it combines hardware isolation with startup times under 200ms—ideal for testing AI-generated or user-submitted code. Its SDKs offer multi-language support, including Python and Node.js. #sandboxing #security
Project link on #GitHub 
https://github.com/microsandbox/microsandbox
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
https://www.eff.org/deeplinks/2025/06/protect-yourself-metas-latest-attack-privacy
#Meta’s #trackingpixel was secretly communicating with Meta’s apps on #Android devices. This violates a fundamental security feature #sandboxing of #mobileOS that prevents #apps from communicating with each other. Meta got around this restriction by exploiting #localhost, a feature meant for developer testing. This allowed Meta to create a hidden channel between mobile browser apps and its own apps.
Umgehung des Sandboxings: Meta und Yandex de-anonymisieren Android-Nutzer - Golem.de
@debacle @alatiera That's great - I love #Debian : ) I do wish, however, that #sandboxing native apps on Debian using #AppArmor was as #noobeasy* as using #flatpak apps with #Flatseal.
#noobeasy #noobsimple #newword #neword #did_i_just_invent_a_new_word?
Apple is still letting unverified media files reach decoders. That keeps an entire exploit surface alive.
Here’s a 2-layer validator model Apple could ship today—one that blocks malformed media before decoding ever begins. No decoder rewrites required.
https://medium.com/@jamweba/this-is-the-future-apple-should-already-be-shipping-<ID>
@bohwaz @punkfairie @ajsadauskas @JessTheUnstill @tomiahonen That's exactly the problem, cuz #KaiOS nee #FirefoxOS was a good and solid basis not just for #LowEnd-Devices but could've been excellent for a more #secure mobile OS, as it has good potential for #sandboxing and #KISS-principle'd #Apps that are lean and efficient.
But then again when enthusiasts like @fuchsiii and I were shouting "#ShutUpAndTakeMyMoney!" to #Mozilla, they basically refused to sell any #device, and then we get the "#PSvita-Effect":
I've seen #AppArmor used primarily to *harden* the security of an existing program. Is it also reasonable to use it to *sandbox* known-malicious code? Or are other methods required?
(I assume you also want ulimit or similar on the side, but that's to prevent resource consumption attacks rather than sandbox escapes.)
#Syd is a rock-solid application #kernel to sandbox applications on Linux>=5.19. Syd is similar to Bubblewrap, Firejail, GVisor, and minijail. As an application kernel it implements a subset of the Linux kernel interface in user space, intercepting system calls to provide strong isolation without the overhead of full virtualization. Syd is secure by default, and intends to provide a simple interface over various intricate #Linux #sandboxing mechanisms such as LandLock, Namespaces, Ptrace, and Seccomp-{BPF,Notify} https://gitlab.exherbo.org/sydbox/sydbox
Finally! This will allow better process #sandboxing, and make the #flatpak and #android app finally an option?
@kde@floss.social @kde@lemmy.kde.social
Can you tell us what happens on the "sandbox all the things" goal?
I think this is a pretty crucial step forward, even though #sandbox technologies (most often through user namespaces) are more problematic than I initially thought.
(Basically, user #namespaces open up #privesc dangers to the monolithic #kernel, which is incredible. #Android and #ChromeOS use #LXC, mounts and #SELinux for #sandboxing)
Application #sandboxing with #firejail in linux 
https://www.linuxnix.com/application-sandboxing-with-firejail-in-linux/
@mit_scharf @lamp #jar files are #portable but in terms of #sandboxing I'm wary as that is an option but few JREs implement it properly as it would get often in the way.
@lamp Also that isn't that portable, or as portable as #BSDjails, #bhyve and other #sandboxing options...
Auditing, supply chain security, and sandboxing are related.
For the code running outside of the sandbox, you do a direct code audit of your own code and vendored code, as well as a supply chain audit of the dependencies.
For the code running inside the sandbox, you assess what auditing is necessary (typically less than the auditing outside of the sandbox) and do that as well.
Interesting research paper comparing #sandboxing features found in #Linux, #OpenBSD and #FreeBSD, respectively #seccomp, pledge/unveil and #Capsicum
https://arxiv.org/abs/2405.06447 by Maysara Alhindi
@op you are mentioned there as gmid was studied 
via @goblin
Reading the ambitious roadmap of #GrapheneOS, I get the impression that this might become the most secure and #privacy-respecting platform that also overlaps with many classic desktop use-cases and desktop OS. 
Flatpak vs AppImage. ¿Opiniones?
Tengo una aplicación por #AppImage y he decidido borrarla e instalarla por #flatpak . Porque las actualizaciones son automáticas. También, he leído que flatpak fuerza el #sandboxing y AppImage no.
Así que, ¿qué opináis o recomendáis?
#ChristineBejerasco talking about "Secure-by-Design: How do You Design with a Security Mindset for the User?" at #SCS23:
- Design for ease of use
- Design with misuse in mind
- How we failed to prevent online access/commerce, word processors, email, supply chains, IoT devices, … being misused
Design approaches:
- Password meters, outdated/weak software/plugins, keygrabbing preventions, password managers → #SSO, app #sandboxing, #FullDiskEncryption #FDE, …
Omar Two Tone
