D8532: [WIP] Restrict file extractor with Seccomp

David Kahles noreply at phabricator.kde.org
Sat Feb 24 16:37:54 UTC 2018


davidk added a comment.


  Sorry for the late reply and the slow process in general. Real life keeps me busy...
  
  In D8532#198408 <https://phabricator.kde.org/D8532#198408>, @detlefe wrote:
  
  > A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it has been done for Gnome Tracker. But the concerns about maintenance remain, it probably should be tested regularly. Are there ways this can be automated?
  
  
  If we want to test this, we would need a directory with files for each extractor (kfilemetadata includes such files for its autotests). Then, we should configure seccomp to kill the process if it calls a prohibited syscall. The test should then index all files in the directory. Unfortunately we can't test some things, e.g. the dbus integration and communication with baloo_file. This would need a test which starts the whole extractor as a child process. But I'm not sure if that's feasible. What do you think?
  
  > In case the decision goes in favor of the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?
  
  That's possible of course.

REPOSITORY
  R293 Baloo

REVISION DETAIL
  https://phabricator.kde.org/D8532

To: davidk, apol, ossi
Cc: detlefe, ngraham, nicolasfella, #frameworks, michaelh
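The comment above sketches two things: a kill-on-violation seccomp policy for the test run, and a blacklist that also covers ptrace, process_vm_readv and process_vm_writev. The following is an added example, not code from D8532 or from Baloo, showing both in a self-contained form: it builds a raw BPF seccomp filter with prctl (an assumption for illustration; the actual patch may well use libseccomp instead), installs it in a forked child, and reports whether the child was killed with SIGSYS. The function names `install_debug_syscall_blacklist` and `probe_under_filter` are hypothetical, as is the probe that calls process_vm_readv on its own pid; the filter assumes a Linux x86_64, aarch64 or i386 build.

```c
/* Added example (not from the Baloo review D8532): a seccomp blacklist that
 * kills the process on ptrace, process_vm_readv or process_vm_writev, plus a
 * fork-based probe of the behaviour. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* A filter must check the arch first: syscall numbers are per-ABI, so without
 * this a foreign ABI (e.g. x32 on x86_64) could reach the kernel unfiltered. */
#if defined(__x86_64__)
#  define FILTER_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define FILTER_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#  define FILTER_ARCH AUDIT_ARCH_I386
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Newer kernels can kill the whole process; older headers only know
 * SECCOMP_RET_KILL (kills the offending thread, i.e. the process when it is
 * single-threaded, as a test indexing run would be). */
#ifdef SECCOMP_RET_KILL_PROCESS
#  define KILL_ACTION SECCOMP_RET_KILL_PROCESS
#else
#  define KILL_ACTION SECCOMP_RET_KILL
#endif

/* Install the blacklist in the calling process. Returns 0 on success, -1
 * (errno set) when the kernel or an outer sandbox refuses seccomp filtering. */
int install_debug_syscall_blacklist(void)
{
    struct sock_filter filter[] = {
        /* load arch; if it is not ours, kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, FILTER_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, KILL_ACTION),
        /* load syscall number; any blacklisted number jumps to the kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_process_vm_readv, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_process_vm_writev, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, KILL_ACTION),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Needed for an unprivileged process to install a filter; it also stops
     * the sandboxed process from gaining privileges through setuid binaries. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

enum probe_result {
    PROBE_EXITED_OK = 0,          /* child ran only allowed syscalls */
    PROBE_KILLED_SIGSYS = 1,      /* child hit the blacklist and was killed */
    PROBE_FILTER_UNAVAILABLE = 2, /* seccomp could not be installed here */
    PROBE_OTHER = 3
};

/* Fork; the child installs the filter, then either calls a blacklisted
 * syscall (process_vm_readv on its own pid, a constructed probe) or only a
 * harmless one (getpid). The parent classifies how the child ended. */
enum probe_result probe_under_filter(int call_forbidden)
{
    pid_t pid = fork();
    if (pid < 0)
        return PROBE_OTHER;
    if (pid == 0) {
        if (install_debug_syscall_blacklist() != 0)
            _exit(42);
        if (call_forbidden) {
            char buf[1];
            struct iovec local = { buf, sizeof buf }, remote = { buf, sizeof buf };
            /* With the filter active this call never returns: SIGSYS. */
            syscall(SYS_process_vm_readv, getpid(), &local, 1, &remote, 1, 0);
        } else {
            (void)getpid();
        }
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_OTHER;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return PROBE_KILLED_SIGSYS;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return PROBE_EXITED_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 42)
        return PROBE_FILTER_UNAVAILABLE;
    return PROBE_OTHER;
}

int main(void)
{
    printf("allowed syscalls only -> %d\n", probe_under_filter(0));
    printf("blacklisted syscall   -> %d\n", probe_under_filter(1));
    return 0;
}
```

The same fork-and-classify shape is what an autotest over the kfilemetadata sample directory would need: install the filter in the child, run the extractor over every file, and treat a SIGSYS termination as a failed test. Note that a blacklist only ever blocks what it names; the arch check and PR_SET_NO_NEW_PRIVS are the two pieces people most often omit, and without them the filter is either bypassable via another ABI or not installable without CAP_SYS_ADMIN.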