I can open the default chromium snap on my Ubuntu 20.04 computer. I then right-click on the default homepage, click Save As, navigate to my ~/home directory, and can proceed to save the .html file anywhere in my home directory.
Why are Snap packages marketed as "sandboxed" when they are not sandboxed in actual usage? If the chromium snap can read/write to my home directory, the chromium program, in essence, has the keys to my castle.
The average person (e.g. me) is most familiar with smartphone environments and likely understands sandboxing as meaning something like:
An app or program shall not have access to any system resource without obtaining explicit permission for said resource, by the system owner.
This is the Android and iOS paradigm I'm used to. And looking at Ubuntu documentation it seems they claim this, when in reality it's not true:
... each package is sandboxed so that it runs in a constrained environment, isolated from the rest of the system...
Or, am I missing something here?