[feedback] Universal linux64 binaries

Started by mean, August 10, 2016, 06:18:32 AM

Post producer

This is too interesting to be sinking through page 5! Are you still looking for feedback? Does this approach have security implications like Windows .exe files?

eumagga0x2a

Quote from: Post producer on September 17, 2016, 08:04:07 PM
Does this approach have security implications like Windows .exe files?

Which security implications do Windows executables have that executables for other platforms don't? What kind of security do you actually have in mind? Linux being a minority platform makes it already very safe (except for all the usual cross-platform web browser stuff like when one webpage manages to steal another's cookies) while being rather insecure. This insecurity starts e.g. with lack of isolation between different windows on X. Want a secure system? Do not run X on it in the first place.

The AppImage approach packages the actual application with all libraries necessary to run it, purposely decoupling them from the target system's update mechanism. This means that if a major vulnerability is disclosed in one of the supplied libraries, the AppImage as a whole must be updated as security updates provided by the Linux distribution won't help here.

If you are concerned about the integrity of the AppImage file regarding man-in-the-middle scenarios, the usual way to give users a chance to protect themselves from this threat is to offer GPG-signed checksums (SHA256 or better). Maybe this will come one day to Avidemux too.
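
The signed-checksum check mentioned in the last post, as an added example that is not part of the original thread or of the Avidemux project: it verifies a detached GPG signature over a checksum list against a pinned key fingerprint, then compares the download's SHA256 digest with its entry in that list. The function names, the file names and the fingerprint argument are assumptions for illustration, and the publisher's public key is assumed to be in the local keyring already.

```bash
#!/usr/bin/env bash
# Added example. File names and the fingerprint are placeholders supplied by
# the caller; they are not real release artifacts of any project.

# Succeeds only if SIG is a valid detached signature over SUMS made by the key
# whose full fingerprint (40 hex digits, no spaces) is EXPECTED_FPR.
verify_signature() {
    local sums="$1" sig="$2" expected_fpr="$3" status
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$sums" 2>/dev/null) || return 1
    # gpg exits 0 for a good signature from ANY key in the keyring, so pin the
    # signer: VALIDSIG carries the signing key's fingerprint as its first
    # field and the primary key's fingerprint as its last field.
    printf '%s\n' "$status" | awk -v f="$expected_fpr" \
        '$2 == "VALIDSIG" && ($3 == f || $NF == f) { ok = 1 } END { exit !ok }'
}

# Succeeds only if FILE has an entry in SUMS (sha256sum output format) and the
# digest matches. A missing entry is a failure, not a silent pass.
# Limitation: file names containing whitespace are not handled.
verify_checksum() {
    local file="$1" sums="$2" name expected actual
    name=$(basename -- "$file")
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 1
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Signature first, digest second: the checksum list is only trusted once the
# signature over it has been verified.
verify_download() {
    local file="$1" sums="$2" sig="$3" fpr="$4"
    verify_signature "$sums" "$sig" "$fpr" \
        || { echo "signature check failed for $sums" >&2; return 1; }
    verify_checksum "$file" "$sums" \
        || { echo "checksum mismatch or missing entry for $file" >&2; return 1; }
    echo "OK: $file"
}
```

A call would look like `verify_download app.AppImage SHA256SUMS SHA256SUMS.asc <FINGERPRINT>`, with the fingerprint obtained over a channel other than the download server.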