Security issues

[Pockets-byte]

We need to consider the issue of sandboxing and the safety of hub itself.
Currently as far as I know, we have taken no steps in the direction of hub security/sandboxing
this really needs to be fixed

[NoooneyDude]

Related; see #105 and unitystation/unitystation#7158.

[CorruptComputer]

On the Linux side if you have StationHub installed as a Flatpak it is sandboxed already, its still possible a malicious executable could do something but the possibilities there are limited.

Currently the permissions on the Flatpak gives no filesystem permissions, so it can't read your user files or edit anything outside its own sandbox directory. The most it could do is something like a crypto miner or local network access. While both of those aren't good, neither is anything more than some JS running on a website you visit can't do so it is very limited in what can be done.

Current Flatpak permissions:

• socket=x11 (Legacy Windowing System)
• share=ipc (Inter-process Communication)
• device=dri (GPU Acceleration)
• socket=pulseaudio (Play Sounds)
• share=network (Network Access)