Re: Tracker as a security risks

On Fri, 9 Dec 2016 07:11:11 +0100, Tomasz Torcz <tomek pipebreaker pl> wrote:
On Fri, Dec 09, 2016 at 01:35:39AM +0100, Michael Biebl wrote:
2016-12-06 0:03 GMT+01:00 Michael Catanzaro <mcatanzaro gnome org>:
On Mon, 2016-12-05 at 21:31 +0100, Carlos Garnacho wrote:
Thanks for the tip :), worth a look indeed, although I'm looking into
using seccomp directly.

Strongly consider using libseccomp for this!

Has it been considered to use the systemd sandboxing features? tracker
already ships systemd --user service files, so you'd basically get
that for free.

  Correct me if I'm wrong, but aren't systemd sandboxing features only
available to system instance?  User systemd sessions lack priviledges
to set up separate namespaces etc.

  Also, in additional to libseccomp, there's
for sandboxing. It is suid binary, though.

As long as letting a wrapper binary exec(3) the Tracker extractors, I would go
for this solution.

Flatpak uses a combination of bubblewrap and libseccomp for sandboxing. Which
mean that bubblewrap is getting a good deal of testing already. Despite being
setuid it is small enough to allow code reviews, so IMHO the setuid bit is a
non-problem (there used to be a capabilities operating mode, but that is gone
now [1] because well, it needed a lot of them, so it may as well be setuid!)




Attachment: pgpGBguzMun8C.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]