Wow…

So Electron improved their security features with the recent version 5, but by doing this broke tons of applications because they either need User Namespaces or an SUID executable (to launch proper isolated subprocesses).

#Signal Desktop noticed this problem as well and "fixed" it in the worst way possible:

github.com/signalapp/Signal-De

On the other hand #Riot Desktop did a proper fix, which enables an SUID bit on this binary: github.com/vector-im/riot-web/

#infosec #security #linux

Little follow up on my earlier statement about #Signal Desktop and the `--no-sandbox` argument they force on Linux now.

I didn't just make noise on my social media but of course also (tried to) work with the upstream project. Sadly it seems like they don't care:

github.com/signalapp/Signal-De

5 work days and no one even had a look at it. Great… Maybe I should write a PR this weekend in hope it gets more attention.

#infosec #electron #SignalDesktop
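
To check a host for the situation described in the thread, the following added example (not part of the original posts or of either project) reports whether unprivileged user namespaces are available, whether an application's `chrome-sandbox` helper is set up as a root-owned SUID binary with mode 4755, and which running processes were started with `--no-sandbox`. The function names are hypothetical and the helper path is an assumption you supply for the installed application.

```shell
#!/bin/sh
# Added example (not from the thread): audit Electron/Chromium sandbox prerequisites on Linux.

# Prints "no-sandbox" if a NUL-separated cmdline file (the format of
# /proc/PID/cmdline) carries --no-sandbox as a complete argument, else "default".
cmdline_state() {
    if tr '\0' '\n' 2>/dev/null < "$1" | grep -qxF -- '--no-sandbox'; then
        echo "no-sandbox"
    else
        echo "default"
    fi
}

# The SUID sandbox helper only works when owned by root (uid 0) with mode 4755.
helper_verdict() {  # args: octal-mode owner-uid
    if [ "$1" = "4755" ] && [ "$2" = "0" ]; then echo "usable"; else echo "unusable"; fi
}

# The namespace sandbox needs unprivileged user namespaces.
# $1 = user.max_user_namespaces, $2 = kernel.unprivileged_userns_clone
# (the second knob exists only on some distro kernels; pass "" when absent).
userns_verdict() {
    if [ "${1:-0}" -gt 0 ] && [ "${2:-1}" != "0" ]; then echo "usable"; else echo "unusable"; fi
}

audit_host() {  # arg: path to the application's chrome-sandbox helper (assumption)
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)
    echo "user namespaces: $(userns_verdict "$max" "$clone")"
    # stat -c is GNU coreutils: %a = octal mode, %u = owner uid
    set -- $(stat -c '%a %u' "$1" 2>/dev/null)
    echo "suid helper:     $(helper_verdict "${1:-}" "${2:-}")"
    for f in /proc/[0-9]*/cmdline; do
        [ "$(cmdline_state "$f")" = "no-sandbox" ] &&
            echo "sandbox disabled: pid $(basename "$(dirname "$f")")"
    done
    return 0
}

# Usage: sh audit.sh /path/to/app/chrome-sandbox
if [ -n "${1:-}" ]; then audit_host "$1"; fi
```

If both the user namespace check and the helper check report "unusable", the application can only start with its sandbox switched off, which is the case the posts above are about.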
