Bug 411400

Summary: KDE snaps come with some unnecessary connections
Product: [KDE Neon] neon Reporter: Krish De Souza <koolkrish007+kde>
Component: SnapsAssignee: Scarlett Moore <sgmoore>
Status: CONFIRMED ---    
Severity: normal CC: neon-bugs-null, sgmoore
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Krish De Souza 2019-08-28 20:38:36 UTC 
SUMMARY

Snaps use a lot of unnecessary plugs that exposes far more risk than necessary. Especially for internet facing snaps.

STEPS TO REPRODUCE
1. sudo snap install <kdesnap>
2. sudo snap connections <kdesnap>

OBSERVED RESULT

A lot of rather unexpected connections, in particular things like access to home, network and network-bind. Some apps like games (kmines, kpat, andand the like simply do not need access to the full home directory and can suffice simply without the home plugin with the folder located in /home/<user>/snap/....

EXPECTED RESULT
Some of these certainly don't need access to the network or network bind either. The point of snaps is to confine the app to the bare permissions needed.

Another example is konversation, if an exploit is found over the network. I would prefer if the snap didn't give full access to my home directory.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: N/A
(available in About System)
KDE Plasma Version: N/A
KDE Frameworks Version: N/A 
Qt Version: N/A

ADDITIONAL INFORMATION
Comment 1 Scarlett Moore 2022-10-18 15:39:40 UTC 
I will go through and apply your suggestions as necessary. Some do require network for Knewstuff ( game boards etc ) but certainly not all of them.