Re: Tracker as a security risks



Hi Hanno.

Thanks for bringing it up.

On Mo, 2016-12-05 at 14:03 +0100, Hanno Böck wrote:
The core problem here is that tracker automatically parses files of
potentially unknown origin with parsers that haven't been built with
security in mind. This happens without any sandboxing.
Right.  But sandboxing the parsers properly would mitigate most of the
problems, right?

I know too little about Tracker's architecture to be able to estimate
how much of a problem it would be to have the parsers run in a sandbox.
I hope it's an easy change to make and it may be even planned already.
Let's hope someone from the Tracker team can comment.

Cheers,
  Tobi


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]