Most active commenters
  • eyberg(3)

←back to thread

Malicious versions of Nx and some supporting plugins were published

(github.com)
441 points longcat | 24 comments | 27 Aug 25 01:38 UTC | HN request time: 0.737s | source | bottom
1. vorgol ◴[27 Aug 25 13:00 UTC] No.45039050[source]
OSs need to stop letting applications have a free reign of all the files on the file system by default. Some apps come with apparmor/selinux profiles and firejail is also a solution. But the UX needs to change.
replies(5): >>45039375 #>>45040698 #>>45041459 #>>45041809 #>>45045968 #
2. terminalbraid ◴[27 Aug 25 13:26 UTC] No.45039375[source]
Which operating system lets an application have "free reign of all the files on the file system by default"? Neither Linux, nor any BSD, nor MacOS, nor Windows does. For any of those I'd have to do something deliberately unsafe such as running it as a privileged account (which is not the "default").
replies(6): >>45039776 #>>45039798 #>>45039824 #>>45040322 #>>45040368 #>>45040974 #
3. sneak ◴[27 Aug 25 13:57 UTC] No.45039776[source]
https://www.xkcd.com/1200/

All except macOS let anything running as your uid read and write all of your user’s files.

This is how ransomware works.

replies(1): >>45040144 #
4. ◴[27 Aug 25 13:58 UTC] No.45039798[source]
5. eightys3v3n ◴[27 Aug 25 13:59 UTC] No.45039824[source]
I would argue the distinction between my own user and root is not meaningful when they say "all files by default". As my own user, it can still access everything I can on a daily basis which is likely everything of importance. Sure it can't replace the sudo binary or something like that, but it doesn't matter because it's already too late. Why when I download and run Firefox can it access every file my user can access, by default. Why couldn't it work a little closer to Android with an option for the user to open up more access. I think this is what they were getting at.
replies(3): >>45040122 #>>45040191 #>>45045248 #
6. doubled112 ◴[27 Aug 25 14:21 UTC] No.45040122{3}[source]
Flatpak allows you to limit and sandbox applications, including files inside your home directory.

It's much like an Android application, except it can feel a little kludgy because not every application seems to realize it's sandboxed. If you click save, silent failure because it didn't have write access there isn't very user friendly.

7. fsflover ◴[27 Aug 25 14:23 UTC] No.45040144{3}[source]
You forgot the actually secure option: https://qubes-os.org
8. skydhash ◴[27 Aug 25 14:26 UTC] No.45040191{3}[source]
Because it will become unpractical. It’s like saying your SO shouldn’t have access to your bedroom, or the maid should only have access to a single room. Instead what you do is having trusted people and put everything important in a safe.

In my case, I either use apt (pipx for yt-dlp), or use a VM.

replies(1): >>45045319 #
9. spankalee ◴[27 Aug 25 14:36 UTC] No.45040322[source]
The multi-user security paradigm of Unix just isn't enough anymore in today's single-user, running untrusted apps world.
10. SoftTalker ◴[27 Aug 25 14:39 UTC] No.45040368[source]
How many software installation instructions require "sudo"? It seems to me that it's many more than should be necessary. And then the installer can do anything.

As an administrator, I'm constantly being asked by developers for sudo permission so they can "install dependencies" and my first answer is "install it in your home directory" sure it's a bit more complexity to set up your PATH and LD_LIBRARY_PATH but you're earning a six-figure salary, figure it out.

replies(1): >>45043050 #
11. evertheylen ◴[27 Aug 25 15:03 UTC] No.45040698[source]
If you are on Linux, I'm writing a little tool to securely isolate projects from eachother with podman: https://github.com/evertheylen/probox. The UX is an important aspect which I've spent quite some time on.

I use it all the time, but I'm still looking for people to review its security.

replies(1): >>45041414 #
12. pepa65 ◴[27 Aug 25 15:23 UTC] No.45040974[source]
Even just having access to all the files that the user has access to is really too much.
13. eyberg ◴[27 Aug 25 15:57 UTC] No.45041414[source]
Containers should not be used as a security mechanism.
replies(1): >>45041793 #
14. anthk ◴[27 Aug 25 16:01 UTC] No.45041459[source]
Learn to use bubblewrap with small chroot.
replies(1): >>45042486 #
15. evertheylen ◴[27 Aug 25 16:27 UTC] No.45041793{3}[source]
I agree with you that VMs would provide better isolation. But I do think containers (or other kernel techniques like SELinux) can still provide quite decent isolation with a very limited performance/ease-of-use cost. Much better than nothing I'd say?
replies(2): >>45041831 #>>45042674 #
16. bryceneal ◴[27 Aug 25 16:28 UTC] No.45041809[source]
This is a huge issue and it's the result of many legacy decisions on the desktop that were made 30+ years ago. Newer operating systems for mobile like iOS really get this right by sandboxing each app and requiring explicit permission from the user for various privileges.

There are solutions on the desktop like Qubes (but it uses virtualization and is slow, also very complex for the average user). There are also user-space solutions like Firejail, bubblewrap, AppArmor, which all have their own quirks and varying levels of compatibility and support. You also have things like OpenSnitch which are helpful only for isolating networking capabilities of programs. One problem is that most users don't want to spend days configuring the capabilities for each program on their system. So any such solution needs profiles for common apps which are constantly maintained and updated.

I'm somewhat surprised that the current state of the world on the desktop is just _so_ bad, but I think the problem at its core is very hard and the financial incentives to solve it are not there.

17. bryceneal ◴[27 Aug 25 16:30 UTC] No.45041831{4}[source]
This is also my impression. Containers aren't full-proof. There are ways to escape from them I guess? But surely it's more secure practically than not using them? Your project looks interesting I will take a look.
18. eyberg ◴[27 Aug 25 17:30 UTC] No.45042486[source]
Bubblewrap has refused to fix known security issues in its codebase and shouldn't be used.
19. eyberg ◴[27 Aug 25 17:45 UTC] No.45042674{4}[source]
I would kinda disagree with this. The whole 'better than nothing' is what gave a huge chunk of people a false sense of security wrt containers to begin with. The reality is that there is no singular create_container(2). Much of the 'security' is left up to the runtime of choice and the various flags they choose or don't choose to enable. Others in this thread have already mentioned both bubblewrap and podman. The fact that the underlying functionality is exposed very differently through different 'runtimes' with numerous optional flags and such is what leads to all sorts of issues because there simply was no thought to designing these things with security in mind. (We just saw CVE-2025-9074 last week). This is very different than something like the v8 sandbox or gvisor which was designed with certain properties.
replies(1): >>45051033 #
20. ezfe ◴[27 Aug 25 18:15 UTC] No.45043050{3}[source]
Even with sudo, macOS blocks access to some User-accessible locations:

% sudo ls ~/Pictures/Photos\ Library.photoslibrary

Password:

ls: /Users/n1503463/Pictures/Photos Library.photoslibrary: Operation not permitted

21. terminalbraid ◴[27 Aug 25 21:03 UTC] No.45045248{3}[source]
I'm not saying user files aren't important. What I am saying is the original poster was being hyperbolic and, while you say it's not important for your case, it is a meaningful distinction. In fact, that's why those operating systems do not allow that.
22. eightys3v3n ◴[27 Aug 25 21:10 UTC] No.45045319{4}[source]
I don't agree that the only options are "give it almost everything" or "give it nothing and now it's a huge pain in the arse". Which seems to be what you implied. I do think there are better middle grounds where an app almost always works out of the box but also can't access almost everything on the system. There are also UI changes that can help deal with this like the Android security prompts do.
23. UltraSane ◴[27 Aug 25 22:11 UTC] No.45045968[source]
Google did a good job with securing files on Android.
24. christophilus ◴[28 Aug 25 11:51 UTC] No.45051033{5}[source]
It’s a gradient. An airgapped physical device is better than a VM. A VM is better than podman. Podman is better than nothing.

A locked door is better than an unlocked one, even if it gives its owner a false sense of security. There is still non-zero utility there.