according to their stated security model, untrusted applications must not be allowed to communicate with the secret service.
That won't be a popular stance to take when someone eventually steals a bunch of cached, unlocked credentials off of D-BUS because of an oversight somewhere in the npm/aur/pip/cargo/whatever ecosystem.
More rabbit hole:
Hm. Had been thinking of it in terms of controlling the local file system.
Thanks.
people then concluded that FROST is harder to exploit in real-world scenarios than in the lab
What happens if there's an extra 4GB of stuff laying around?
Try the c++23 standard. There's been a lot of cross pollination. Contrived example follows:
#include <format>
#include <numbers>
#include <print>
#include <string>
int main(int argc, char *argv[]) {
double pi = std::numbers::pi;
std::string fstr = std::format("{}, {:>.2}, {:>.5}, {:>.10}", pi, pi, pi, pi);
std::string h = "Hello";
std::string w = "World";
std::println("{}, {}!", h, w);
std::print("This won't have a {},", "newline");
std::println(" but this will add it."); // Add a newline.
// Can't put a non-constant string as the first argument to
// print or println so they can be checked at compile time.
std::println("{}", fstr);
return EXIT_SUCCESS;
}
¯\(ツ)/¯
If GNOME wrote it then they probably trust it. If you're using GNOME, then you've accepted their security model on some level.
At least you know to go look for it. Attackers will only get more sophisticated:
https://ioctl.fail/preliminary-analysis-of-aur-malware/