We’ve recently transitioned to using Linux Mint in our workplace and one of the things I appreciated about Linux over Windows is the requirement to enter a superuser password in order to install and run executable files. This level of security by itself prevents the possibility of drive-by downloads or malware infection by malicious email attachments and negates the need for expensive resource-consuming antivirus software.
We recently downloaded an AppImage of Scribus for our art department and I noted that all that was needed to execute it was to chmod it and run it, no password needed. This to me represents an apparent potential security hazard analogous to using freely executable files on Windows.
Now given that Linux is currently not in widespread use in a desktop context compared to Windows, malware authors have devoted little time to exploiting it; but given the invasive nature of Windows 10 resulting in our company and quite a number of others transitioning to Linux, it is only a matter of time before criminals start creating malware for Linux in order to target this growing market. When they do, easy and convenient solutions such as AppImage are likely to become targets for abuse as a delivery platform.
So my question is, has any research been done into the potential for this ease of execution as a means for criminals to create and inject malware? In particular I’d like to know:
- Is it possible for a malicious website to use Javascript to automatically download, chmod and execute an AppImage file without user consent, awareness or intervention?
- Is it possible to ‘pre-chmod’ an AppImage file as executable and attach it to an email, such that a user opening the attachment would cause the file to execute without further action being required on the part of the user?
- What privileges do AppImage files run with; that is, are they intrinsically sandboxed, do they run only with current user privileges or can they potentially gain superuser privileges?
- In the event that AppImage files are found to pose a security risk, what measures can be taken to prevent them from being downloaded and executed?
- What security measures are in place at AppImage (for example required presence of source code) to prevent malware being encoded as AppImage files and distributed through the platform?
While convenience is certainly a positive trait of the AppImage project, my experience is that convenience all too often comes at the expense of security. I would therefore appreciate other people’s thoughts on this as well as any studies or research that has been conducted in this area.
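A defender-side check for the fourth question above (how to keep AppImage files from being executed), added here as an example that is not part of the original post: a POSIX shell audit that finds AppImage files under a directory by the AppImage magic bytes ("AI" then 0x01 or 0x02 at offset 8 of the ELF header, so a renamed file is caught as well as a `*.AppImage` name), reports whether each carries the execute bit, and can strip that bit. The directory and file names used are assumptions.

```shell
#!/bin/sh
# Added example: audit a directory for AppImage files that carry the execute bit.
# Detection uses the AppImage magic (bytes 8..10 of the ELF header are "AI" followed
# by 0x01 for type 1 or 0x02 for type 2), so renamed files are caught too.

# appimage_magic FILE -> prints the AppImage type (1 or 2); non-zero status otherwise
appimage_magic() {
    f="$1"
    [ -f "$f" ] || return 1
    m=$(dd if="$f" bs=1 skip=8 count=3 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$m" in
        414901) echo 1 ;;
        414902) echo 2 ;;
        *) return 1 ;;
    esac
}

# audit_appimages DIR -> one line per AppImage found: "<type> <exec|noexec> <path>"
audit_appimages() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        t=$(appimage_magic "$f") || continue
        if [ -x "$f" ]; then mode=exec; else mode=noexec; fi
        printf '%s %s %s\n' "$t" "$mode" "$f"
    done
}

# count_exec_appimages DIR -> number of AppImages under DIR that are executable
count_exec_appimages() {
    audit_appimages "$1" | awk '$2 == "exec"' | wc -l | tr -d ' '
}

# revoke_exec DIR -> strip the execute bits from every AppImage under DIR,
# leaving other executables (ordinary ELF binaries, scripts) untouched
revoke_exec() {
    audit_appimages "$1" | while IFS=' ' read -r t mode f; do
        if [ "$mode" = exec ]; then chmod a-x "$f"; fi
    done
}

# Typical use (directory name is an assumption): audit_appimages "$HOME/Downloads"
```

Run `audit_appimages` on a download directory to see what is already executable, then `revoke_exec` if the policy is that nothing there may run until it has been reviewed.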