A Study of Application Sandbox Policies in Linux

Trevor Dunlap, William Enck, Bradley Reaves
2022 Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies  
Desktop operating systems, including macOS, Windows 10, and Linux, are adopting the application-based security model pervasive in mobile platforms. In Linux, this transition is part of the movement towards two distribution-independent application platforms: Flatpak and Snap. This paper provides the first analysis of sandbox policies defined for Flatpak and Snap applications, covering 283 applications contained in both platforms. First, we find that 90.1% of Snaps and 58.3% of Flatpaks studied are contained by tamperproof sandboxes. Further, we find evidence that package maintainers actively attempt to define least-privilege application policies. However, defining policy is difficult and error-prone. When studying the set of matching applications that appear in both Flatpak and Snap app stores, we frequently found policy mismatches: e.g., the Flatpak version has a broad privilege (e.g., file access) that the Snap version does not, or vice versa. This work provides confidence that Flatpak and Snap improve Linux platform security while highlighting opportunities for improvement.

CCS CONCEPTS • Security and privacy → Software and application security.
doi:10.1145/3532105.3535016 fatcat:3c2yjnq53ndqxhgyhjru6bvn5q