Feature Request: Warn user about danger of installing apps in Home directory

If a user chooses to install and run an app in their Home directory, maybe you could add this warning:

“Warning: Apps installed in your home directory can read, delete, or encrypt your files if exploited by malware. This poses a serious security risk. Use a package manager or Flatpak for safer, sandboxed installation.”

(checkbox) Don’t show message again.

How do you “Install apps in Home directory”? Do you mean just downloading self-contained executables?

Some users download a Firefox tarball from Mozilla’s website and then unpack Firefox in their home directory. Firefox from Mozilla has in-app updates directly from Mozilla.

I’m not on my desktop to check, but in nautilus, shouldn’t you make the file executable first?

That said, perhaps this should be done at the system level rather than at the file manager level? Maybe also add a system to find the best match directly in the app store (I read on Allow setting apps to be opened without prompting for certain MIME types · Issue #780 · flatpak/xdg-desktop-portal · GitHub that Endless OS has this kind of mechanism).

Some users would enable the execution permission because they want to use the software. Maybe execution of software in the home directory should NOT be allowed. If the software gets compromised or if the software is malicious, it could damage the user’s files. Users who do this might not be aware of the security risk.

Maybe users should not be allowed to use the sudo command in their home directory? Is there any reason a user should use sudo in their home directory?

Maybe the warning should include information about firejail.

“Warning: Apps installed in your home directory can read, delete, or encrypt your files if exploited by malware. This poses a serious security risk.

For safer installation, use your system’s package manager, Flatpak, or sandbox tools like Firejail to isolate applications.”

(checkbox) Don’t show message again.

I checked, and Nautilus seems to respect execute permissions.

I downloaded the Firefox tarball, and the bin files are executable. With the AppImage, this is not the case.

A file monitor should therefore detect new files and check if these have the execute permission. This monitor should be independent of nautilus, as a user can use another file manager. The message should be displayed when anything wants to make a file executable (if possible).

Note that a security message also concerns files (e.g., scripts), not just applications. The message should therefore be more general and should not mention the use of the package manager, nor Firejail or Flatpak, as the user is free to choose which sandbox tools to use. Furthermore, using applications installed from a package manager, even as flatpak, does not constitute a safer installation.

For sudo, this tool is not included with GNOME. A message is displayed on first use, but it doesn’t inform of a security risk; you should report it to sudo. That said, this should probably be present in GNOME as well, but I don’t know if it can detect the use of sudo, regardless of the terminal (or other) used.

Maybe software and scripts run from the home directory should be sandboxed automatically to protect the user’s data from deletion and encryption?

Not really. A script can be created by a user and automatically “sandboxing” it will make it inoperative. Detecting files having an execute permission and showing a message is better to avoid that. That said, running a script in a safe way might be an option (but the file monitor must be aware of the file type then). For apps, I doubt that’s possible, at least by default (because GNOME prefers flatpak, which, as far as I know, does not include a way to sandbox things directly).

Because a tarball is an archive, and archives are meant to preserve the status of permissions.

Since the archive extractor is responsible for copying file permissions from the archive, you don’t need monitoring at all.

If that’s the system archive extractor, then, yes, this can be within it.

What if there were an “Apps (sandboxed)” folder in the home directory? Software and scripts placed in this folder would be prevented from deleting or encrypting files in the home directory.

If the user wanted to run the software or script without this protection, they could place it directly in the home directory.

Bad idea, as the user needs to be knowledgeable for that. Also, as I said, there is nothing to guarantee a safe execution; only if there is some terminal included with the system that cannot be replaced. For apps there is nothing (as far as I know).

Anyway, a message is better than a specific directory where to place things. We have two options:

  • Checking before opening if a file is executable.
  • Removing the execute permission for new files. This is a bit better as the user needs to actively allow this permission (a message would still be displayed informing the user if they know what they are doing). The permission can be remembered for the file if wanted, but the permission has to be made active by the user before.
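As an added illustration (not code from this thread or from GNOME), the Python sketch below shows the mechanisms discussed above: an archive extractor preserving the archived execute bits, a scan that reports which extracted files arrived executable, and clearing that bit so the user has to re-enable it deliberately. The tarball contents are constructed in memory; the paths and file names are assumptions.

```python
import io
import os
import stat
import tarfile
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def build_sample_tarball() -> bytes:
    """Construct a small in-memory tarball: one executable, one plain file (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, payload in (
            ("app/run.sh", 0o755, b"#!/bin/sh\necho hello\n"),
            ("app/README", 0o644, b"sample readme\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            info.mode = mode  # the mode stored in the archive is what the extractor restores
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def executable_files(root: str) -> list:
    """Return paths (relative to root) of regular files with any execute bit set."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            st = os.lstat(p)  # lstat so symlinks are not followed
            if stat.S_ISREG(st.st_mode) and st.st_mode & EXEC_BITS:
                found.append(os.path.relpath(p, root))
    return sorted(found)


def strip_execute_bits(root: str) -> list:
    """Clear execute bits on every regular file under root; return what was changed."""
    changed = executable_files(root)
    for rel in changed:
        p = os.path.join(root, rel)
        os.chmod(p, os.lstat(p).st_mode & ~EXEC_BITS)
    return changed


def demo() -> tuple:
    """Extract the sample tarball, list files that arrived executable, then drop the bit."""
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=io.BytesIO(build_sample_tarball()), mode="r:gz") as tar:
            tar.extractall(dest)  # tarfile chmods each file to its archived mode
        before = executable_files(dest)
        strip_execute_bits(dest)
        after = executable_files(dest)
    return before, after
```

A real monitor would trigger the same scan from a file-change notification rather than a one-off walk, and the "remembered permission" from the post above would be a per-file allow-list consulted before stripping.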

Is it because such apps have user and group corresponding to the owner of the home dir?

I’m not a Linux security expert. Maybe a user with more experience can explain.

Could SElinux detect this action and then display a message?

Maybe? The best is to ask SELinux devs about that.