Comment by aragilar
Or go old-school with multiple users and chroots? You could even install from (and host) a trusted repository, where the source and binaries are vetted (and you can pay people to do this for you).
To be fair, if Firefox had the intelligence to know that it was being asked to attach a file it didn't have access to, it could prompt for a password. I don't expect full TRAMP-like smarts from Emacs, but I don't see why this wouldn't be doable?
Granted, I'm viewing this as far easier than the sandbox "fake file system" approach? Firefox would be able to see the file exists, most likely, but just not have read rights to it. Yes, you can have some things it can't list, but I would expect that to be low on probability to want to attach to an email?
For user-facing stuff, I agree it's hard because of the challenge of managing access to data (and I would argue no system does this well; Android has a different set of failure modes, and I've not used QubesOS but presumably it has its own issues as well), but in the top-level comment, the concern was around using pip/npm, which to me is almost a solved problem if you care enough and are willing to put the effort (and money) in.
It's also not like Linux is any different with respect to installing random PyPI/npm packages on any other desktop/laptop OS (https://xkcd.com/1200/), so I'm not sure anything desktop Linux does here would change the fact that installing random software from the internet may be a bad idea sometimes ;)
Server software is usually compartmentalized in uids, but desktop software seldom is, if ever. Package managers and maintainers could do a lot here to make it easier. Some things long-time Linux users like to do, like running Firefox as a separate user, are still a much more involved process than they should be.
A lot of it is probably standards and culture work, like where a user can expect to store files and have them readable by Firefox in this example. So perhaps this is something the GNOME/Freedesktop people could have been interested in and made a difference? Instead we have things like Flatpak, which is good but not the lowest hanging fruit here.
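As an added example (not part of the thread and not any commenter's code), here is the "run Firefox as a separate user" layout the last comment describes, with one setgid shared "outbox" directory so files the user wants to attach are readable by the app without granting it the rest of the home directory. The sandbox user name `ff-sb`, the group `ff-share`, the outbox path `$HOME/ff-outbox`, the `/usr/sbin/nologin` shell path and an X11 display are all assumptions; `check_outbox` is the only part that runs unprivileged.

```shell
#!/bin/sh
# Added example: least-privilege layout for a desktop app under its own uid,
# with a single shared outbox directory for files the user wants the app to see.
# Assumed names (placeholders): sandbox user ff-sb, shared group ff-share,
# outbox $HOME/ff-outbox, nologin shell at /usr/sbin/nologin, X11 display.

SANDBOX_USER="${SANDBOX_USER:-ff-sb}"
SHARE_GROUP="${SHARE_GROUP:-ff-share}"
OUTBOX="${OUTBOX:-$HOME/ff-outbox}"

# Verify that a directory is a usable shared drop folder:
#   - it exists and is a directory
#   - its group is the shared group
#   - its mode is exactly 2770: setgid so new files inherit the group,
#     and no "other" bits so unrelated uids cannot read it
# Pure check, needs no privileges. Returns 0 on success, 1 otherwise.
check_outbox() {
    dir="$1"; group="$2"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    actual_group=$(stat -c %G "$dir") || return 1
    [ "$actual_group" = "$group" ] || { echo "wrong group on $dir: $actual_group (want $group)" >&2; return 1; }
    mode=$(stat -c %a "$dir") || return 1
    [ "$mode" = "2770" ] || { echo "wrong mode on $dir: $mode (want 2770)" >&2; return 1; }
    return 0
}

# One-time privileged setup (needs sudo): a system user with no login shell,
# the shared group, and the outbox owned by the interactive user but
# group-writable with setgid inheritance.
setup_outbox() {
    getent group "$SHARE_GROUP" >/dev/null || sudo groupadd "$SHARE_GROUP"
    id "$SANDBOX_USER" >/dev/null 2>&1 || \
        sudo useradd --system --create-home --shell /usr/sbin/nologin "$SANDBOX_USER"
    sudo usermod -aG "$SHARE_GROUP" "$SANDBOX_USER"
    sudo usermod -aG "$SHARE_GROUP" "$(id -un)"   # takes effect at next login
    mkdir -p "$OUTBOX"
    sudo chgrp "$SHARE_GROUP" "$OUTBOX"
    chmod 2770 "$OUTBOX"
}

# Launch the app as the sandbox user. Only the display and the outbox are
# shared; the app's own profile lives in the sandbox user's home.
run_firefox_sandboxed() {
    check_outbox "$OUTBOX" "$SHARE_GROUP" || return 1
    xhost "+SI:localuser:$SANDBOX_USER" >/dev/null
    sudo -u "$SANDBOX_USER" -H env DISPLAY="$DISPLAY" firefox "$@"
}
```

Usage: run `setup_outbox` once, then `run_firefox_sandboxed`. Anything the user drops into the outbox is attachable from the sandboxed browser, while the rest of `$HOME` stays unreadable to it; `check_outbox` fails closed if someone later loosens the mode or the group, which is the kind of drift that silently turns the separation back into a single-user setup.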