“This application is unconfined. It can access all personal files and system resources.” - what does it...












2















There is this warning next to some applications in Ubuntu Software (I'm using Ubuntu 18.04 LTS).



What does it mean?



Should I avoid installing them? There is a red exclamation mark next to it, which is disturbing me ;)










share|improve this question























  • I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

    – Line
    7 hours ago













  • Related: Security of snaps under X11

    – pomsky
    6 hours ago
















2















There is this warning next to some applications in Ubuntu Software (I'm using Ubuntu 18.04 LTS).



What does it mean?



Should I avoid installing them? There is a red exclamation mark next to it, which is disturbing me ;)










share|improve this question























  • I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

    – Line
    7 hours ago













  • Related: Security of snaps under X11

    – pomsky
    6 hours ago














2












2








2








There is this warning next to some applications in Ubuntu Software (I'm using Ubuntu 18.04 LTS).



What does it mean?



Should I avoid installing them? There is a red exclamation mark next to it, which is disturbing me ;)










share|improve this question














There is this warning next to some applications in Ubuntu Software (I'm using Ubuntu 18.04 LTS).



What does it mean?



Should I avoid installing them? There is a red exclamation mark next to it, which is disturbing me ;)







18.04 software-center snap






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked 7 hours ago









LineLine

1176




1176













  • I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

    – Line
    7 hours ago













  • Related: Security of snaps under X11

    – pomsky
    6 hours ago



















  • I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

    – Line
    7 hours ago













  • Related: Security of snaps under X11

    – pomsky
    6 hours ago

















I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

– Line
7 hours ago







I know there is a question about it, but it looks pretty dead - and I don't have any problems installing, I would just like to know what it means for the user.

– Line
7 hours ago















Related: Security of snaps under X11

– pomsky
6 hours ago





Related: Security of snaps under X11

– pomsky
6 hours ago










1 Answer
1






active

oldest

votes


















2














If it is a well known software, it's perfectly OK to install. However, software often has bugs, which either good hackers or bad hackers can discover. In the later case, unconfined app means there is a chance that software that is exploited by malicious attacker will give them access to more than just confined environment, including system and files.



It's worth mentioning that some of the applications have access to X11 server, which is your standard GUI on Linux, which is inherently not a very secure. Application that is compromised, then, will have access to X11 resources, including among other things, the clipboard, and that could give access to the attacker to number of exploits. This doesn't mean that either application is bad or X11 itself are bad, or their interaction is bad. It's merely an acknowledgement of the greater attack surface given to malicious actors.



In other words, it's just a warning or disclaimer. It doesn't mean the software itself is inherently bad/broken/malicious.



See also:




  • https://askubuntu.com/a/760813/295286






share|improve this answer


























  • and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

    – Line
    6 hours ago






  • 1





    @Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

    – Sergiy Kolodyazhnyy
    6 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110633%2fthis-application-is-unconfined-it-can-access-all-personal-files-and-system-res%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














If it is a well known software, it's perfectly OK to install. However, software often has bugs, which either good hackers or bad hackers can discover. In the later case, unconfined app means there is a chance that software that is exploited by malicious attacker will give them access to more than just confined environment, including system and files.



It's worth mentioning that some of the applications have access to X11 server, which is your standard GUI on Linux, which is inherently not a very secure. Application that is compromised, then, will have access to X11 resources, including among other things, the clipboard, and that could give access to the attacker to number of exploits. This doesn't mean that either application is bad or X11 itself are bad, or their interaction is bad. It's merely an acknowledgement of the greater attack surface given to malicious actors.



In other words, it's just a warning or disclaimer. It doesn't mean the software itself is inherently bad/broken/malicious.



See also:




  • https://askubuntu.com/a/760813/295286






share|improve this answer


























  • and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

    – Line
    6 hours ago






  • 1





    @Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

    – Sergiy Kolodyazhnyy
    6 hours ago
















2














If it is a well known software, it's perfectly OK to install. However, software often has bugs, which either good hackers or bad hackers can discover. In the later case, unconfined app means there is a chance that software that is exploited by malicious attacker will give them access to more than just confined environment, including system and files.



It's worth mentioning that some of the applications have access to X11 server, which is your standard GUI on Linux, which is inherently not a very secure. Application that is compromised, then, will have access to X11 resources, including among other things, the clipboard, and that could give access to the attacker to number of exploits. This doesn't mean that either application is bad or X11 itself are bad, or their interaction is bad. It's merely an acknowledgement of the greater attack surface given to malicious actors.



In other words, it's just a warning or disclaimer. It doesn't mean the software itself is inherently bad/broken/malicious.



See also:




  • https://askubuntu.com/a/760813/295286






share|improve this answer


























  • and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

    – Line
    6 hours ago






  • 1





    @Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

    – Sergiy Kolodyazhnyy
    6 hours ago














2












2








2







If it is a well known software, it's perfectly OK to install. However, software often has bugs, which either good hackers or bad hackers can discover. In the later case, unconfined app means there is a chance that software that is exploited by malicious attacker will give them access to more than just confined environment, including system and files.



It's worth mentioning that some of the applications have access to X11 server, which is your standard GUI on Linux, which is inherently not a very secure. Application that is compromised, then, will have access to X11 resources, including among other things, the clipboard, and that could give access to the attacker to number of exploits. This doesn't mean that either application is bad or X11 itself are bad, or their interaction is bad. It's merely an acknowledgement of the greater attack surface given to malicious actors.



In other words, it's just a warning or disclaimer. It doesn't mean the software itself is inherently bad/broken/malicious.



See also:




  • https://askubuntu.com/a/760813/295286






share|improve this answer















If it is a well known software, it's perfectly OK to install. However, software often has bugs, which either good hackers or bad hackers can discover. In the later case, unconfined app means there is a chance that software that is exploited by malicious attacker will give them access to more than just confined environment, including system and files.



It's worth mentioning that some of the applications have access to X11 server, which is your standard GUI on Linux, which is inherently not a very secure. Application that is compromised, then, will have access to X11 resources, including among other things, the clipboard, and that could give access to the attacker to number of exploits. This doesn't mean that either application is bad or X11 itself are bad, or their interaction is bad. It's merely an acknowledgement of the greater attack surface given to malicious actors.



In other words, it's just a warning or disclaimer. It doesn't mean the software itself is inherently bad/broken/malicious.



See also:




  • https://askubuntu.com/a/760813/295286







share|improve this answer














share|improve this answer



share|improve this answer








edited 6 hours ago

























answered 7 hours ago









Sergiy KolodyazhnyySergiy Kolodyazhnyy

71k9147310




71k9147310













  • and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

    – Line
    6 hours ago






  • 1





    @Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

    – Sergiy Kolodyazhnyy
    6 hours ago



















  • and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

    – Line
    6 hours ago






  • 1





    @Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

    – Sergiy Kolodyazhnyy
    6 hours ago

















and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

– Line
6 hours ago





and what is the difference, why the other applications are "confined"? is it something about the way they are developed? or those are just more "official"?

– Line
6 hours ago




1




1





@Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

– Sergiy Kolodyazhnyy
6 hours ago





@Line Confined means application has access to only its own environment and in theory knows nothing of the outside world, aka the system on which you're running things. If it's compromised, well, in the best case it just gives attacker a chance to break the application but not your system, or use the system for it's own purposes. There's no "official" difference there. It merely means how much application can know and access.

– Sergiy Kolodyazhnyy
6 hours ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110633%2fthis-application-is-unconfined-it-can-access-all-personal-files-and-system-res%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

GameSpot

日野市

Tu-95轟炸機