411400 – KDE snaps come with some unnecessary connections

Bug 411400 - KDE snaps come with some unnecessary connections

Summary: KDE snaps come with some unnecessary connections

Status:	CONFIRMED

Alias:	None

Product:	neon
Classification:	KDE Neon
Component:	Snaps (show other bugs)
Version:	unspecified
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Scarlett Moore

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-08-28 20:38 UTC by Krish De Souza
Modified:	2022-10-18 15:39 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Krish De Souza 2019-08-28 20:38:36 UTC

SUMMARY

Snaps use a lot of unnecessary plugs that exposes far more risk than necessary. Especially for internet facing snaps.

STEPS TO REPRODUCE
1. sudo snap install <kdesnap>
2. sudo snap connections <kdesnap>

OBSERVED RESULT

A lot of rather unexpected connections, in particular things like access to home, network and network-bind. Some apps like games (kmines, kpat, andand the like simply do not need access to the full home directory and can suffice simply without the home plugin with the folder located in /home/<user>/snap/....

EXPECTED RESULT
Some of these certainly don't need access to the network or network bind either. The point of snaps is to confine the app to the bare permissions needed.

Another example is konversation, if an exploit is found over the network. I would prefer if the snap didn't give full access to my home directory.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: N/A
(available in About System)
KDE Plasma Version: N/A
KDE Frameworks Version: N/A 
Qt Version: N/A

ADDITIONAL INFORMATION

Comment 1 Scarlett Moore 2022-10-18 15:39:40 UTC

I will go through and apply your suggestions as necessary. Some do require network for Knewstuff ( game boards etc ) but certainly not all of them.