Re: Tracker as a security risks
- From: Tobias Mueller <muelli cryptobitch de>
- To: Hanno Böck <hanno hboeck de>
- Cc: desktop-devel-list <desktop-devel-list gnome org>
- Subject: Re: Tracker as a security risks
- Date: Mon, 05 Dec 2016 14:31:39 +0100
Hi Hanno.
Thanks for bringing it up.
On Mo, 2016-12-05 at 14:03 +0100, Hanno Böck wrote:
The core problem here is that tracker automatically parses files of
potentially unknown origin with parsers that haven't been built with
security in mind. This happens without any sandboxing.
Right. But sandboxing the parsers properly would mitigate most of the
problems, right?
I know too little about Tracker's architecture to be able to estimate
how much of a problem it would be to have the parsers run in a sandbox.
I hope it's an easy change to make and it may be even planned already.
Let's hope someone from the Tracker team can comment.
Cheers,
Tobi
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]