It’s an unnecessary risk that gets solved by Flatpak (plus a bunch of other security advantages)
… Or Nix/Guix, or any per-user approach to package installation, or AppImages.
Anyway, I’m not against them completely. For distributing some user applications, and maybe proprietary stuff, they are fine.
And as it stands, the package installation step is a risky process in any distro I’ve ever seen. You just have to trust that no mistake will ever be made by packagers, nothing will slip past them, and that they manually and thoroughly look through every installation process of every package (which they don’t).
We-ell, in basic Unix-like terms you can just do a chroot while unpacking, check that no nasty places are being touched, and then rsync to root. I think some PMs already do just that.
I don’t know, I’m not a security expert. But it is a problem, and a massive one.
This problem seems inherent to anything Turing-complete.
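Added example, not part of the thread and not any package manager's own code: a sketch of the "unpack into a staging root, check what is touched, then rsync" idea from the comment above. The allowlist `ALLOWED_PREFIXES` and the function names are hypothetical, and the audit covers only the unpacked files, not install scripts that a package runs.

```shell
#!/bin/sh
# Added example. ALLOWED_PREFIXES is a hypothetical policy, not any distro's.
ALLOWED_PREFIXES="usr/bin usr/lib usr/share"

# audit_stage DIR: print one finding per line for the unpacked tree in DIR.
# Returns 0 if clean, 1 if anything was flagged, 2 if DIR is unusable.
# Paths containing newlines are not handled.
audit_stage() {
    report=$(
        cd "$1" || exit 2
        # 1. Anything that is not a directory must sit under an allowed prefix.
        find . ! -type d | sed 's|^\./||' | while IFS= read -r p; do
            ok=0
            for pre in $ALLOWED_PREFIXES; do
                case $p in "$pre"/*) ok=1 ;; esac
            done
            [ "$ok" -eq 1 ] || printf 'outside-allowlist %s\n' "$p"
        done
        # 2. setuid/setgid files would gain privilege once copied to /.
        find . -type f \( -perm -4000 -o -perm -2000 \) | sed 's|^\./|setid |'
        # 3. Symlinks with absolute or ".." targets can point out of the tree
        #    (conservative: also flags harmless relative links).
        find . -type l | sed 's|^\./||' | while IFS= read -r p; do
            t=$(readlink "$p")
            case $t in
                /*|..|../*|*/..|*/../*)
                    printf 'symlink-escape %s -> %s\n' "$p" "$t" ;;
            esac
        done
        true
    ) || return 2
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# merge_stage DIR DEST: copy the staged tree into DEST only if the audit is clean.
merge_stage() {
    audit_stage "$1" >&2 || return 1
    rsync -a "$1"/ "$2"/
}
```
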