Hackr News App

<@Defletter> I think in some cases (like WhatsApp) the better model exists and is available, but isn’t used by the app - possibly as a judge to get you to give it more permissions

On iOS Strava’s app is able to access a photo picker, and the app only gets the photos I actually pick

Meanwhile WhatsApp insists on using the model where it tries to access all photos, and I limit it to specific ones via the OS

<@Defletter> Android's model, where you can ask the user for (read only/read+write) access to only specific files/a specific folder works pretty well for that.

But on Discord's side, this is also because the people repackaging Discord for Flatpak were quite conservative. If you want to break open the sandbox a bit more, you can grab Flatseal and manually approve additional directories. I'm not exactly sure what you need for drag&drop to work, but when I add a folder to Geary's whitelist (or grant all home folder permissions, I suppose), I can drag it into the Flatpak'd application like normal.

Unlike on Android, Flatseal actually lets you list those directories and lets you revoke them (at your own risk).

<@Defletter> Flatpak and those other systems have many problems (much more than only that), in my opinion. I do not use them (and I also do not use Discord).

My idea to solve it is an entirely new operating system design, which uses proxy capabilities. (Also it does not have file names.)

> I don't feel like "this button opens the camera and gives me the photo you take with it" and "I can access whatever the camera is seeing at this moment" should be the same permission.

I agree that they should not be the same permission, but also the permissions should not be directly like that either. They should be "still picture input" and "motion picture input" permissions. The source of the pictures is not specified by the permissions, and therefore will be independent of the hardware and independent of the implementation.

(With proxy capabilities, this becomes much more versatile in many ways, and can avoid some of the problems of doing them directly by a permission menu.)

<@Defletter> In my phone "phone's app" I have the option to message on whatsapp next to each number, but when I click on it, whatsapp doesn't let me just message the number, it asks for permission to view all my contacts.

I feel like we have solved this a billion years ago with the tel: protocol. You don't need full access just to get passed 10 digits by another program?

It feels like permission models are stuck in engineering for low-level programs and nobody thinks about how actual people will use it, or perhaps their developers assume normal people are too stupid to manage fine-grained permissions for all the random apps they put in their PC's?

Maybe the real conspiracy is that the OS developers make the end-user security management terrible to make users afraid of running programs that weren't vetted either by their own proprietary app store where they get paid fees (or in Linux' case, by their distro). Forcing normal users to run a VM to be able to run untrusted apps is prohibitive and restricts the freedom of computer users, in my humble opinion.

As a programmer I dread writing any line of code that deletes files. I feel like there should be a low-level API that required me to say the file extension that my application is allowed to delete or something like that. It's still crazy to me that any single program can just delete all user files even though no user would ever grant it that ability. Until that is fixed the whole user permission model just feels like a big joke to me.

<@simonw> > All I want is an easy, documented, supported way to run a binary on my computer and say "it can only access these files, use this much RAM and it's not allowed to make any outbound network requests". It always surprises me how hard this is!

I think that if the operating system (and the computer design too) were designed better, then I think that it might be possible to do that, and other things (e.g. all outbound network requests must go through a specified proxy without the program knowing of the proxy, or must use a specific network interface, etc).

<@simonw> > Maybe the new "containers" stuff in macOS 26 is going to be a good replacement for that?

It is not. The Containerization framework [1] is, in its own words, "a Swift package for running Linux containers on macOS" - it's more or less an Apple-branded Docker runtime. It's not applicable to macOS software.

[1]: https://github.com/apple/containerization

<@simonw> macOS already has a way to do that if you're a developer, but it's weirdly both obvious and non-obvious enough that people don't seem to use it: just compile a simple program that executes other programs, and then sign it with the officially supported sandbox entitlements. You will need a supervisor program that starts up the sandboxed sub-process and grants it access to the needed files via the official bookmarks API (that's what it's called):

https://developer.apple.com/documentation/security/accessing...

Now you're wondering why this isn't built in to the OS. But it is! Apps from the Mac App Store are always sandboxed. Just get your apps from there, and now you know what permissions they need because the store can tell you, as can the Settings app. You can even toggle permissions on and off via Settings.

macOS has the best sandbox of any desktop OS by far. Seatbelt isn't actually deprecated and never has been. Marking it as such seems to be just a way to warn developers off trying to use it directly. Nonetheless, it's not going anywhere: Chrome's sandbox relies on it heavily and if Apple tried to remove it or even just break backwards compatibility with it they'd break Chrome, and if not done in a coordinated manner that'd open up a lot of nasty lawsuit potential and corporate relationship problems.

The reason Apple don't want you using Seatbelt directly is that you have to be an expert in macOS internals to use it correctly ... and those internals change with every release. I reported a vulnerability to a well known company just a couple of weeks ago that involved them using Seatbelt wrong! Apple's entitlements wrap up a common set of use cases under a stable API and it's then on Apple to keep them working correctly as the internals move around.

<@simonw> It mostly seems to be deprecated to encourage developers to use App Sandbox rather than doing custom sandboxing things. With custom sandboxing baking implementation details of system frameworks into the sandbox policy is almost unavoidable, and Apple would really rather you didn't do that as it limits their ability to make changes in the future.

The underlying sandbox subsystem is what App Sandbox uses. Apple can happily rely on implementation details of system frameworks in their policies because they can update them as the system frameworks change.

The sandbox subsystem is what all of Apple's system software uses for sandboxing, as well as many security-conscious third-party programs such as web browsers. It's not going anywhere anytime soon, despite being marked as deprecated.

<@simonw> You want a capability based OS where by default processes are sandboxed.

<@simonw> The ideal for me would be Asahi support from Apple, but the software support on their hardware is so far behind the hardware itself (which is amazing).

<@simonw> I use Docker for this. Sandbox is not effective. Like if you run Firefox with "deny network" profile you will still be able to browse as usual.

<@simonw> Agreed, macOS has lagged every other OS here.

The easiest solution is to give up and use Linux (Docker).

<@PhilippGille> Deno has "sandboxing" in the sense that it will refuse to open files and such if you don't pass the relevant permission flags, but AFAICT it doesn't do the thing that this article is talking about, of telling the kernel not to let it do those things. (I'm inferring this from the note in the documentation that native code called via FFI isn't sandboxed.) So an attacker could still do those things if they found an exploitable bug in the Deno runtime.

I'm having a hard time figuring out the details of how Wasmtime works but I don't think it does this kind of sandboxing either.

<@PhilippGille> I've been playing around with deno over the past weeks. It's definitely an interesting project. However I do find the permission system to lack the granularity I would want. You quickly end up in a "all or nothing" state, where I would really like to instead differentiate between code I consider trusted and code I consider risky.

Still, pretty neat and I do see where I will use it in the future.

<@Joker_vD> The developer knows the program best - what files it needs to access, what syscalls it needs to make, etc.

<@petermcneeley> Here's a more informative doc about sandboxing in Chromium

https://source.chromium.org/chromium/chromium/src/+/main:san...

<@petermcneeley> Looks like that's the subset of their sandbox that applies to GPUs, the file is content/gpu/gpu_main.cc

<@user_7832> There is windows sandbox: https://learn.microsoft.com/en-us/windows/security/applicati...

Not available on the home edition of windows though.

<@user_7832> You can turn off win32k calls for a process if you don't need gui. You can also run the process with a lower privilege access token to reduce file access and some kernel access.

I'd love to see one to block more kernel calls than just win32k. The best method I've come up with is to create a shared memory buffer to a seperate interface process and then unmount ntdll.dll by marking its pages `page_noaccess`. Thanks to win32 weirdness you can still allocate memory into the process without nt calls from the interface process as VirtualAllocEx, VirtualAlloc2, VirtualProtectEx, VirtualFreeEx, VirtualQueryEx, NtAllocateVirtualMemory, NtFreeVirtualMemory, etc take a process handle as an argument. This kinda requires writing a userspace kernel and your own standard library though.

MS please give me a better method to lock down kernel access beyond nowin32k. Hyperv doesn't work for consumer apps as half the consumer versions of windows don't have it.

<@user_7832> Years ago I was a heavy user of Sandboxie. But those were simpler times and malware was far less advanced than it is now. No idea how good of a protection it provides there days.

https://en.wikipedia.org/wiki/Sandboxie

<@user_7832> Virtual Box

<@oblio> there are api monitoring tools; my goto is this: https://learn.microsoft.com/en-us/sysinternals/downloads/pro...

MS had a tool that let you set an applications "observed" system variables, like OS ect; this was back in win2000 and before now modernization of the windows compatibility stuff, new stuff sort of superseded it. i currently recollect the exe name even after inspecting a win2000 iso - edit2: apparently apcompat.exe ( lol this archive page triggered some memories: https://ia802200.us.archive.org/view_archive.php?archive=/33... )

edit: there were even api firewalls, zonealarm had one, and a number of others. i think people lost interest in locking their systems down as they seem very unpopular nowadays

<@oblio> There is windows sandbox

https://learn.microsoft.com/en-us/windows/security/applicati...

<@oblio> I do not remember knowing of such a thing (although I might have done and had forgotten), but I would like to see the documentation if it is available.

<@oblio> Vaguely recall something like that. Weird name something with a Q? Something mox?

Maybe I’m hallucinating like a LLM

<@oblio> Tried to use chatgpt to find it, no luck.

<@ZeroConcerns> Indeed, if you are trying to build something cross-platform and use BSD's specific APIs for security, it is easy to end up with an #ifdef soup in some of the most sensitive parts of your code. One wrong logic step there and you have compromised your application trying to harden it. I don't know the solution :(