Access to cursor themes within Firefox lets Bubblejail mirror home filesystem in instance file #83

Open
orchardstreet opened this issue Jan 3, 2024 · 4 comments

orchardstreet commented Jan 3, 2024

Output of bubblejail --version

Alpine 0.8.2

Your distro name and version

Alpine 3.19.0

Description

Access to cursor themes seems necessary for basic cursor support in Firefox on Alpine. To access cursor themes I need to check "GNOME Portal" in Bubblejail and have xdg-desktop-portals successfully set up. Did that. Cursor themes work now with Firefox in Bubblejail.

But checking "GNOME PORTAL" now allows me to save outside of "Downloads", despite never telling Bubblejail to. Firefox's Download wizard now shows me every folder in home and saving in a home folder makes bubblejail create a mirror folder in the instance folder.

So for example, by saving test.png in /home/orchardstreet/code/12/13/a, Bubblejail creates the folder(s) .local/share/bubblejail/instances/firefox/home/code/12/13/a and saves it there.

Cursor support I don't think should break the functionality of whitelisting folders. Also curious if this presents a possible security hole as well. Thanks :)

@igo95862
Owner

igo95862 commented Jan 3, 2024

Hello @orchardstreet

The issue is that when I added the "GNOME PORTAL" option I didn't do proper research into the desktop portals. What it does is allow the sandbox to access the entire portal API, which includes stuff like the File Picker portal.

There should be more fine-tuned control of portal access.

@orchardstreet
Author

Thanks. Yeah, I think the only useful thing in the desktop portals would be cursor theme support in Firefox. As without it, there are missing cursors. But yeah, the File Picker API is of course unnecessary and perhaps a security issue. Thanks for responding.

@boredsquirrel

Is this an actual problem? Are you using the file chooser portal, or does the program on its own get access?

@orchardstreet
Author

> Is this an actual problem? Are you using the file chooser portal, or does the program on its own get access?

The program

The program on its own gets access to files outside the sandbox under the conditions listed in the OP

It is a problem for the reasons specified in the OP
