So Electron improved their security features with the recent version 5, but by doing this broke tons of applications because they either need User Namespaces or an SUID executable (to launch properly isolated subprocesses).

#Signal Desktop noticed this problem as well and "fixed" it in the worst way possible:

On the other hand #Riot Desktop did a proper fix, which enables an SUID bit on this binary:

#infosec #security #linux

Little follow-up on my earlier statement about #Signal Desktop and the `--no-sandbox` argument they force on Linux now.

I didn't just make noise on my social media but of course also (tried to) work with the upstream project. Sadly it seems like they don't care:

5 work days and no one even had a look at it. Great… Maybe I should write a PR this weekend in hope it gets more attention.

#infosec #electron #SignalDesktop
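An added example, not part of the posts above and not code from either project: a shell audit that checks which of the three states described in the thread an installed Electron app is in (launcher forcing `--no-sandbox`, SUID helper in place, or unprivileged user namespaces available). The function names are hypothetical, the launcher and helper paths are supplied by the caller, and the helper is assumed to be the `chrome-sandbox` binary that Electron ships.

```shell
#!/bin/sh
# Audit how an Electron (Chromium) app is sandboxed on Linux.
# Usage (paths are assumptions, adjust to the installed package):
#   ./audit.sh /usr/share/applications/app.desktop /opt/App/chrome-sandbox

# 0 if the launcher (.desktop file or wrapper script) passes --no-sandbox.
launcher_disables_sandbox() {
    grep -q -e '--no-sandbox' "$1"
}

# 0 if the SUID helper is usable: Chromium requires root ownership and mode 4755.
suid_helper_ok() {
    [ -f "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "0" ] && [ "$mode" = "4755" ]
}

# 0 if unprivileged user namespaces look enabled. The first knob exists only
# on Debian-style kernels; the second is the mainline per-user limit.
userns_available() {
    clone="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    max="${2:-/proc/sys/user/max_user_namespaces}"
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then return 1; fi
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then return 1; fi
    [ -r "$max" ]
}

# Exit codes: 0 sandbox can work, 1 no isolation mechanism, 2 sandbox switched off.
audit_electron_sandbox() {
    if launcher_disables_sandbox "$1"; then
        echo "FAIL: launcher passes --no-sandbox"; return 2
    fi
    if suid_helper_ok "$2"; then
        echo "OK: SUID sandbox helper is root-owned with mode 4755"; return 0
    fi
    if userns_available; then
        echo "OK: unprivileged user namespaces are enabled"; return 0
    fi
    echo "FAIL: neither user namespaces nor a working SUID helper"; return 1
}

if [ "$#" -eq 2 ]; then
    audit_electron_sandbox "$1" "$2"
fi
```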
