About the Subgraph attack:
1. The main problem that @micahflee exploited is the unfortunate decision made by Subgraph OS to keep Gnome/Nautilus in the TCB *and* letting this complex software process *untrusted* files,
2. The specific Nautilus bug (handling of .desktop files) is just *one* example of what could go wrong in this case,
3. We can think of other potential problems (e.g. Thumbnails processing)
4. More details: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
@rootkovska @micahflee Hi there! In @gnome we are doing a lot of work to sandbox things and solve the root cause for this kind of problem. We'd love to hear about these bugs from researchers first, instead of depending on hardening-after-the-fact downstreams like Subgraph and Qubes to push bug reports to us.
Example conversation I'd like to happen around this bug: purpose of .desktop files vs. filename spoofing; executing code you downloaded; sandboxing all executions by default.
This Mastodon instance is hosted in Germany and powered by 100% clean energy. Mastodon is a free and decentralized alternative to well-established social microblogging platforms like Twitter.
Please consider a dontation if you like this instance!