So I was installing a repack on my Linux system, using Bottles because of its Flatpak sandbox.
As the install was wrapping up, it asked the standard question about redirecting to the websites. I (probably thinking nothing would happen) didn’t uncheck anything, and to my surprise it opened the Firefox browser on my main system and launched the website, giving me quite the spook.
Doesn’t this mean that anything I install in Bottles can somehow still ping home even if I disable networking from Flatseal?
Am I being paranoid, or is this a serious security flaw?
You are being paranoid. Wine is just calling your default web browser to open the link.
If you disable networking, nothing can “ping home”. It didn’t ping anything, it opened the default program on your computer for using the web and passed a website request to it. That’s standard behavior.
Opening the browser is done through an XDG portal. Bottles forwarded the request to your desktop environment.
Bottles (and anything running in Bottles) can’t arbitrarily read your files, but it can request a file picker dialog. Similarly, it can’t read or modify Firefox, but it can request a URL to open.
Check your flatpak permissions for starters.
Flatpak apps operate more like containers than a full-blown sandbox, unless that has changed recently.
This is an interesting blog post on the subject: https://hanako.codeberg.page/
Also, try
flatpak run org.mozilla.firefox
to see if you can launch a browser manually.
Disclaimer: It’s been a bit since I have used Flatpak, so take that into account. However, I do work in security by trade, so my quick notes may point you in a decent direction at a minimum.
After a quick read over some parts of the article, and looking into the Bottles flatpak manifest, I don’t think the sandbox escapes listed apply to Bottles - as long as you are exclusively using Wayland-compatible apps besides your games.
- Bottles does not have access to $HOME, only through interactive xdg-portals
- As long as you are using Wayland, an attacker can only access apps running through XWayland.
Sadly, Electron is still a PITA, so closing Discord and VS Code while gaming would be necessary (or restricting their host access, which would break sharing files in Discord and many more things in VS Code).
So yes, I sadly have to agree: don’t rely on a sandbox unless you’re not running X11.
Luckily wine will soon support Wayland, so removing X11 access from Bottles would break this specific sandbox escape. Otherwise I do think flatpak/bubblewrap sandboxing is pretty solid.
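Added example (not from any of the posters, and not Bottles' or Flatpak's own code) tying the two points in this thread together: the "open website" step goes through the OpenURI portal rather than the network, and the grants that actually matter for a sandbox escape (the x11 socket, network sharing, direct home/host filesystem access) are visible in `flatpak info --show-permissions`. The script parses the `[Context]` section of that output and prints the `flatpak override --user` command that removes each risky grant. The embedded `SAMPLE_PERMS` is a constructed approximation of what Bottles' manifest grants, not a copy of it, so run it against your own installation; `portal_open_uri` assumes the Bottles runtime ships `gdbus` (GNOME runtimes do) and is only there to reproduce the OP's observation by hand.

```shell
#!/bin/sh
# Added example, not Bottles' or Flatpak's code. Audits a flatpak's [Context]
# permissions for the grants discussed in the thread and shows the override that
# removes each one.

# Constructed sample resembling `flatpak info --show-permissions com.usebottles.bottles`.
# The real grants differ by version; feed the script your own output instead.
SAMPLE_PERMS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=all;
filesystems=xdg-download;xdg-pictures;

[Session Bus Policy]
org.freedesktop.Flatpak=talk'

# Print the value of key $1 from the [Context] section of metadata read on stdin.
context_value() {
    awk -v key="$1" '
        /^\[/ { in_ctx = ($0 == "[Context]"); next }
        in_ctx && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    '
}

# Succeed if $2 is one of the ;-separated items in $1 (also matches "home:ro" style suffixes).
has_item() {
    case ";$1;" in
        *";$2;"*|*";$2:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read metadata on stdin, print one line per risky grant with the override that
# removes it, and return the number of findings (0 = nothing flagged).
audit_permissions() {
    app="$1"
    meta=$(cat)
    sockets=$(printf '%s\n' "$meta" | context_value sockets)
    shared=$(printf '%s\n' "$meta" | context_value shared)
    filesystems=$(printf '%s\n' "$meta" | context_value filesystems)
    findings=0
    if has_item "$sockets" x11; then
        echo "sockets=x11: any X11/XWayland client on the host can be driven -> flatpak override --user --nosocket=x11 $app"
        findings=$((findings + 1))
    fi
    if has_item "$shared" network; then
        echo "shared=network: the sandbox itself can reach the internet -> flatpak override --user --unshare=network $app"
        findings=$((findings + 1))
    fi
    for fs in home host host-os host-etc; do
        if has_item "$filesystems" "$fs"; then
            echo "filesystems=$fs: direct access outside the portals -> flatpak override --user --nofilesystem=$fs $app"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# What Wine's "open website" step boils down to: an OpenURI portal request made from
# inside the sandbox. The host's default browser opens even when network is unshared.
# Assumes gdbus exists in the Bottles runtime. Not invoked automatically.
portal_open_uri() {
    flatpak run --command=gdbus com.usebottles.bottles call --session \
        --dest org.freedesktop.portal.Desktop \
        --object-path /org/freedesktop/portal/desktop \
        --method org.freedesktop.portal.OpenURI.OpenURI \
        "" "$1" '{}'
}

# Usage: ./audit.sh com.usebottles.bottles   (falls back to the sample without flatpak)
if command -v flatpak >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    flatpak info --show-permissions "$1" | audit_permissions "$1"
else
    printf '%s\n' "$SAMPLE_PERMS" | audit_permissions com.usebottles.bottles
fi
```

Note that removing `sockets=x11` is exactly the step the last reply describes, and it is what Wine's Wayland driver will eventually make practical; until then, removing it breaks the games, and `--unshare=network` (what Flatseal's network toggle does) never stops a portal-based browser launch, which is the OP's observation.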