Simon McVittie discovered that flatpak-portal service allowed sandboxed
applications to execute arbitrary code on the host system (a sandbox
escape). A malicious user could create a Flatpak application that set
environment variables, trusted by the Flatpak "run" command, and use it
to execute arbitrary code outside the sandbox.