D8532: [WIP] Restrict file extractor with Seccomp

David Kahles noreply at phabricator.kde.org
Fri Jan 5 09:24:22 UTC 2018


davidk added a comment.


  In https://phabricator.kde.org/D8532#175079, @ossi wrote:
  
  > you *really* should use a whitelist. it's ok if that breaks some 3rdparty extractor; you'll get a bug report which you can properly evaluate.
  >  you could go totally overboard and assign fine-grained syscall capabilities to individual extractors, but i can't really think of legitimate reasons why that would be necessary in this context.
  
  
  It would be more secure, of course. But the downside is a higher maintenance cost, as one need to check whether the filter works for every QT version, because if a QT function starts using another syscall, baloo may get problems.
  I'm not sure which way to go here.
  
  I think we cannot use different (less strict) filters for different extractors, as a child process has at least the same restrictions as its parent process. Making filters for external extractors more strict would be possible, but i doubt it would be useful.

REPOSITORY
  R293 Baloo

REVISION DETAIL
  https://phabricator.kde.org/D8532

To: davidk, apol, ossi
Cc: #frameworks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180105/ed7cfad0/attachment.html>


More information about the Kde-frameworks-devel mailing list