A systemic problem seems to be growing with some of the new application packaging formats. The people who invent them are not learning from the mistakes of their predecessors, and this applies to at least two popular packaging formats I've seen recently:
- AppImage markets itself as "Linux apps that run anywhere": a conveniently packed, self-contained Linux executable embedding all its dependencies. It has one fundamental problem: it has no usable authenticity and integrity controls. You can create an embedded signature but the wrapper binary does not verify it - you need an external developer tool (good luck with that).
- Electron ASAR simply has no authenticity and integrity controls, just none. Practical attacks have been demonstrated and caused some stir in the news since ASAR is used to distribute popular apps such as Skype, WhatsApp and Slack, and is not only limited to Linux. Electron makers in the meantime are more preoccupied with encryption for the purpose of "obfuscating corporate products"...
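Because the archive itself carries no signature, any integrity check on an ASAR file has to be applied from outside. The sketch below is an added example, not part of the original post and not Electron's code: it parses the ASAR layout (two size-prefixed headers, a JSON index, then raw file bytes), pins a SHA-256 per file, and reports what changed later. The helper names and the sample archive are constructed for illustration.

```python
import hashlib, json, struct

def build_asar(files):
    """Pack {name: bytes} into a flat ASAR archive (constructed sample input)."""
    index, body = {}, b""
    for name, data in files.items():
        index[name] = {"offset": str(len(body)), "size": len(data)}
        body += data
    js = json.dumps({"files": index}).encode()
    padded = js + b"\0" * (-len(js) % 4)           # JSON is padded to 4 bytes
    header = struct.pack("<II", 4 + len(padded), len(js)) + padded
    return struct.pack("<II", 4, len(header)) + header + body

def read_header(blob):
    """Return (header dict, offset where file data starts)."""
    _, header_size = struct.unpack_from("<II", blob, 0)
    _, json_len = struct.unpack_from("<II", blob, 8)
    header = json.loads(blob[16:16 + json_len])
    return header, 8 + header_size

def manifest(blob):
    """Map every packed file path to the SHA-256 of its bytes."""
    header, base = read_header(blob)
    digests = {}
    def walk(node, prefix):
        for name, entry in node["files"].items():
            path = prefix + name
            if "files" in entry:            # directory: recurse
                walk(entry, path + "/")
            elif "offset" in entry:         # packed file; offset is a decimal string
                start = base + int(entry["offset"])
                end = start + entry["size"]
                if end > len(blob):
                    raise ValueError(f"{path}: entry runs past end of archive")
                digests[path] = hashlib.sha256(blob[start:end]).hexdigest()
    walk(header, "")
    return digests

def changed_files(pinned, blob):
    """Paths that were modified, removed or added relative to the pinned manifest."""
    current = manifest(blob)
    return sorted(p for p in pinned.keys() | current.keys() if pinned.get(p) != current.get(p))

# Constructed sample: pin digests at release time, then re-check a modified copy.
SAMPLE = build_asar({"main.js": b"console.log('hello')\n", "package.json": b'{"main":"main.js"}'})
PINNED = manifest(SAMPLE)
MODIFIED = build_asar({"main.js": b"console.log('HELLO')\n", "package.json": b'{"main":"main.js"}'})
```

The pinned manifest is only as trustworthy as the channel it is stored and delivered through, so it needs to live somewhere the archive's own distribution path cannot rewrite.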
The classic Linux deb package format allows an embedded signature but in the first place relies on signed repositories (with the same effect). It is pretty much the same for the rpm format, except that it makes it even more difficult to install unsigned packages.
The most advanced in this field is probably Snap, which not only requires digital signatures on all packages (there's an option to bypass it, but it's literally called dangerous, which says it all) but also enforces a rather strict system of permissions. The latter relies heavily on seccomp and AppArmor under the hood and evidently tries to bring the fine-grained, explicit per-application permissions known from Android to the Linux world. It is certainly much safer than the classic rpm and deb distribution.
The only packaging format that can really compete here is Flatpak, which not only includes sandbox permissions but also uses GPG signatures for all packages distributed through the Flathub repository. Its permissions framework seems less granular than Snap's but is still way better than the classic formats.
In closing, I can only add that the #cybercrime folks do use every single weakness, especially when it reaches a certain scale and becomes difficult to fix. What you install on your computer is absolutely fundamental to your #security and #privacy, so every single safeguard that makes it harder to abuse may be the one that saves you one day.
#snapcraft #flatpak #debian #redhat #appimage #cryptography #linux #electron