D8532: [WIP] Restrict file extractor with Seccomp
Stefan BrĂ¼ns
noreply at phabricator.kde.org
Tue Jun 11 17:55:57 BST 2019
bruns added a comment.
I totally agree with fvogt here - the extractors should just receive a readonly file descriptor.
For this, there are several steps required:
1. let the extractors work with file descriptors (KFileMetaData)
2. make sure the extractor plugins are fully initialized before receiving file descriptors
3. actually feed file descriptors to the extractor
(1.) is trivial for some extractors (e.g. taglib), for others it may be hard.
(2.) depends on several things - the plugins must be instantiated early (which clashes with the lazy loading), and the plugin may not load any external resources later on.
Using file descriptors has another benefit - currently, the file is stat'ed and so on, and then the corresponding path is fed to the extractor. It would be much better to open the file, use fstatat and friends, run the extractor and close the file again.
REPOSITORY
R293 Baloo
REVISION DETAIL
https://phabricator.kde.org/D8532
To: davidk, apol, ossi, #frameworks, smithjd, bruns
Cc: fvogt, mgallien, kde-frameworks-devel, michaelh, #baloo, detlefe, ngraham, nicolasfella, LeGast00n, domson, ashaposhnikov, astippich, spoorun, bruns, abrahams
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20190611/124c4944/attachment.html>
More information about the Kde-frameworks-devel
mailing list