D8532: [WIP] Restrict file extractor with Seccomp
Oswald Buddenhagen
noreply at phabricator.kde.org
Sun Dec 3 14:10:21 UTC 2017
ossi added a comment.
you *really* should use a whitelist. it's ok if that breaks some 3rdparty extractor; you'll get a bug report which you can properly evaluate.
you could go totally overboard and assign fine-grained syscall capabilities to individual extractors, but i can't really think of legitimate reasons why that would be necessary in this context.
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D8532
To: davidk, apol, ossi
Cc: #frameworks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20171203/307a9719/attachment-0001.html>
More information about the Kde-frameworks-devel
mailing list