Re: Tracker as a security risks

From: Tobias Mueller <muelli cryptobitch de>
To: Carlos Garnacho <carlosg gnome org>, Hanno Böck <hanno hboeck de>
Cc: desktop-devel-list <desktop-devel-list gnome org>, Tracker mailing list <tracker-list gnome org>
Subject: Re: Tracker as a security risks
Date: Mon, 05 Dec 2016 17:43:15 +0100

Hi.

On Mo, 2016-12-05 at 16:42 +0100, Carlos Garnacho wrote:

And I should add... Tracker is not alone here, if it's not Tracker
stumbling on infected content, with varying but still rather low
levels of interaction it may be a thumbnailer, a previewer like sushi,
or the web browser itself streaming content which hit this. So there's
more places in need of further isolation when dealing with untrusted
content.

And still, the chain is only as strong as its weakest link, as soon as
there is anything opening that file with wide enough permissions to
cause any harm, you're essentially screwed.

True. Which is why operating on untrusted input with regular privileges
is a bad idea™.  The cases you've listed require some degree of user
intervention though. The blog post described a way which described very
little user intervention which makes is more scary than the attacks
that you've just described.

 This might sound like an
argument to running every app through flatpak, although I think the
long term answer always is "fix the vulnerability!".

Hah! That'd be great! Let's work hard on making that happen. However, I
think by now it's safe to assume that we cannot fix all the C code
there is. We've tried for the last decade or so.

I like the engagement reg. Rust. I hope it'll be successful.

Cheers,
  Tobi

References:
- Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Sam Thursfield
- Re: Tracker as a security risks
  - From: Hanno Böck
- Re: Tracker as a security risks
  - From: Carlos Garnacho

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]