D8532: [WIP] Restrict file extractor with Seccomp
David Kahles
noreply at phabricator.kde.org
Sat Feb 24 16:37:54 UTC 2018
davidk added a comment.
Sorry for the late reply and the slow process in general. Real life keeps me busy...
In D8532#198408 <https://phabricator.kde.org/D8532#198408>, @detlefe wrote:
> A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it has been done for Gnome Tracker. But the concerns about maintenance remain, it probably should be tested regularly. Are there ways this can be automated?
If we want to test this, we would need a directory with files for each extractor (kfilemetadata includes such files for its autotests). Then, we should configure seccomp to kill the process if it calls a prohibited syscall. The test should then index all files in the directory. Unfortunately we can't test some things, e.g. the dbus integration and communication with baloo_file. This would need a test which starts the whole extractor as a child process. But I'm not sure if that's feasible. What do you think?
> In case the decision goes in favor of the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?
That's possible of course.
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D8532
To: davidk, apol, ossi
Cc: detlefe, ngraham, nicolasfella, #frameworks, michaelh
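The test harness sketched in the comment above, written out as an added example (this is not Baloo's or kfilemetadata's code and was not posted in this thread): the parent forks a workload the way the extractor would be started as a child process, the child installs a seccomp-BPF filter that kills it on ptrace, process_vm_readv or process_vm_writev (the syscalls named in the quoted question), and the parent reports whether the child died with SIGSYS. The function names run_sandboxed, benign_workload and forbidden_workload and the two toy workloads are assumptions made for this example; a whitelist variant would make SECCOMP_RET_KILL the default action and list the allowed syscalls instead of the prohibited ones. Linux on x86_64 or aarch64 is assumed; elsewhere the harness reports -1 rather than a verdict.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <sys/wait.h>

#if defined(__linux__) && (defined(__x86_64__) || defined(__aarch64__))
#define SECCOMP_EXAMPLE_SUPPORTED 1
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/ptrace.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <linux/audit.h>
#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#else
#define ARCH_NR AUDIT_ARCH_AARCH64
#endif
#endif

typedef void (*workload_fn)(void);

#ifdef SECCOMP_EXAMPLE_SUPPORTED
/* Blacklist filter: kill the process on the three prohibited syscalls,
 * allow everything else. Jump offsets are relative to the next instruction. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* 0-2: refuse to run under a foreign syscall ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        /* 3-6: compare the syscall number against the prohibited set */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ptrace, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_process_vm_readv, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_process_vm_writev, 0, 1),
        /* 7: prohibited -> SIGSYS; 8: anything else -> allowed */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* an unprivileged process may only install a filter with no_new_privs set */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}
#endif

/* Runs `work` in a forked child under the filter.
 * Returns 1 if the child was killed by SIGSYS (it hit a prohibited syscall),
 * 0 if it exited normally, -1 if the harness failed or seccomp is unsupported. */
int run_sandboxed(workload_fn work)
{
#ifdef SECCOMP_EXAMPLE_SUPPORTED
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (install_filter() != 0)
            _exit(2);
        work();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return -1;
#else
    (void)work;
    return -1;
#endif
}

/* Constructed stand-in for an extractor that only uses ordinary syscalls. */
void benign_workload(void)
{
    (void)getpid();
    (void)write(STDOUT_FILENO, "", 0);
}

/* Constructed stand-in for an extractor that reaches for a prohibited syscall. */
void forbidden_workload(void)
{
#ifdef SECCOMP_EXAMPLE_SUPPORTED
    (void)ptrace(PTRACE_TRACEME, 0, NULL, NULL);
#endif
}

int main(void)
{
    printf("benign workload:    %d\n", run_sandboxed(benign_workload));
    printf("ptrace workload:    %d\n", run_sandboxed(forbidden_workload));
    return 0;
}
```

A real test would replace the two workloads with a call that indexes every file in the per-extractor test directory; the parent's verdict is what a CTest harness would assert on, so a prohibited syscall surfaces as a failing test rather than a silently killed extractor.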