D8532: [WIP] Restrict file extractor with Seccomp
David Kahles
noreply at phabricator.kde.org
Fri Jan 5 09:24:22 UTC 2018
davidk added a comment.
In https://phabricator.kde.org/D8532#175079, @ossi wrote:
> you *really* should use a whitelist. it's ok if that breaks some 3rdparty extractor; you'll get a bug report which you can properly evaluate.
> you could go totally overboard and assign fine-grained syscall capabilities to individual extractors, but i can't really think of legitimate reasons why that would be necessary in this context.
It would be more secure, of course. But the downside is a higher maintenance cost, as one need to check whether the filter works for every QT version, because if a QT function starts using another syscall, baloo may get problems.
I'm not sure which way to go here.
I think we cannot use different (less strict) filters for different extractors, as a child process has at least the same restrictions as its parent process. Making filters for external extractors more strict would be possible, but i doubt it would be useful.
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D8532
To: davidk, apol, ossi
Cc: #frameworks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180105/ed7cfad0/attachment.html>
More information about the Kde-frameworks-devel
mailing list