So i was installing a repack on my linux system, using bottles because of its flatpak sandbox.
As the install was wrapping, it asked the standard question about redirecting the websites, I (probably thinking nothing will happen) didn’t uncheck anything, and to my surprise, it opened the Firefox browser on my main system and launched the website: giving me quite the spook
doesn’t this mean that anything i install on bottles can somehow still ping home even if I disable networking from Flatseal?
am I being paranoid or is this a serious security flaw?
Opening the browser is done through an XDG portal. Bottles forwarded the request to your desktop environment.
Bottles (and anything running in Bottles) can’t arbitrarily read your files, but it can request a file picker dialog. Similarly, it can’t read or modify Firefox, but it can request a URL to open