D8532: [WIP] Restrict file extractor with Seccomp
Detlef Eppers
noreply at phabricator.kde.org
Wed Jan 31 14:15:42 UTC 2018
detlefe added a comment.
A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it was done for Gnome Tracker. But the concerns about maintenance remain, someone should test it regularly. Are there ways this can be automated?
In case the decision falls for the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D8532
To: davidk, apol, ossi
Cc: detlefe, ngraham, nicolasfella, #frameworks, michaelh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20180131/77dda227/attachment.html>
More information about the Kde-frameworks-devel
mailing list