0
How hard is it to open a file?
April 24, 2026
Posted 3 hours ago by
Sebastian Wick has a great explanation of why opening files – programmatically – is a lot more complex and fraught with dangers than you might think it is. This issue was relevant for Wick as he is one of the lead developers of Flatpak, for which a number of security issues have recently been discovered, and it just so happens that many of these issues dealt with this very topic.
The biggest security issue found was a complete sandbox escape, originating from the fact that flatpak run, the command-line tool to start a Flatpak application, accepted path strings, since flatpak run is assumed to be run by a trusted user. The problem lay in a D-Bus service sandboxed applications could use to create subsandboxes, and this service was built around, you guessed it, flatpak run. The issues in question, including this complete sandbox escape, have been addressed and fixed, but they highlight exactly the dangers that can come from opening files. This subsandboxing approach in Flatpak is built on assumptions from fifteen years ago, and times have changed since then. If you’re a programmer who deals with opening files, you might want to take a look at your own code to see if similar issues exist.
OSnews
Coverage and analysis from Netherlands. All insights are generated by our AI narrative analysis engine.