All apps are granted network access by default
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
elementary OS |
New
|
Undecided
|
Unassigned |
Bug Description
In the same architectural spirit as:
https:/
applications should have network access disabled by default. A button somewhere on the window's title bar, maybe next to the closing "X", should permit network access. Attempts to access the network without permission should result in a blocking dialog which halts the offending thread until the user approves access. (This would be the only way to handle command line apps seeking network access because they do not involve the GUI.)
Perhaps an exception could be made for apps seeking to access files located on NFS. In that case, the NFS wrapper itself constrains the format of the network traffic that an app may send, so in principle it's equivalent in safety to normal file system access, and can be allowed, provided that normal file access checks permit it. The kernel would see the request as a file access attempt, which only much later resolves to a network access, which need not be blocked. The intent of this proposal is to block apps from contacting specific internet destinations and sending user data to them without the knowledge of the user.
Note that the scope of this proposal is purely about blocking access. Dumping sent and received network traffic between the app and its remote peer would be a next step and the subject of another proposal.
I just realized that command line apps can be treated the same as any other app. All that's required is the usual network accesss enable/disable switch in the corner of the terminal window. Any commands or other apps launched in that terminal inherit that network access status, just like a thread launched or forked from a windowed app. If several concurrent threads are launched from that terminal, then they are all simultaneously affected by the switch, even if its state is altered after the threads have launched.
There is also the question of how to select the default state of the switch. Initially, it should always be off. Then if it's enabled for app ABC, then all future instances of app ABC, even after the next reboot, should have it enabled. Similarly if it is disabled once again. This implies a simple setting in a registry somewhere which contains network switch defaults for each app.