Re: today's high-publicity security issue




On Sat, Dec 17, 2016 at 12:22 AM, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote:
On Fri, 2016-12-16 at 12:18 -0500, Matthew Miller wrote:
> Can someone confirm that this update at least mitigates the issue
> highlighted in the blog?

The blog post indicates that it also targets the totem thumbnailer and
totem itself, so no, improving tracker is not sufficient here.

Michael
_______________________________________________
desktop mailing list -- desktop@lists.fedoraproject.org
To unsubscribe send an email to desktop-leave@lists.fedoraproject.org

wrt thumbnailers, I wanted to implement sandboxing for all of them using bubblewrap, see here
https://bugzilla.gnome.org/show_bug.cgi?id=774497

but then I realized this will break thumbnailing support in flatpak'd applications, so I didn't implement it.
We can try to use seccomp and such in every thumbnailer, but there are all kinds of thumbnailers a user can install (and they all parse untrusted files) so it sounds better if we implement some sort of a generic solution to sandbox *all* thumbnailers, instead of plugging holes in individual ones...

--
-Elad.
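
A generic wrapper of the kind described in the message above, as an added example that is not part of the original post and is not GNOME's code: one shell function that runs any thumbnailer under bubblewrap with only its input and output files exposed. The function name, the `%i`/`%o` tokens, the `DRY_RUN` switch and the in-sandbox paths are assumptions, and the filesystem layout assumes a merged-/usr system such as Fedora.

```shell
#!/bin/sh
# Added example: sandbox an arbitrary thumbnailer with bubblewrap.
# usage: run_thumbnailer_sandboxed INPUT OUTPUT THUMBNAILER [ARGS...]
#   In ARGS, the tokens %i and %o (assumed convention) are replaced by the
#   in-sandbox input and output paths.
#   e.g. run_thumbnailer_sandboxed clip.mp4 thumb.png \
#            totem-video-thumbnailer -s 256 %i %o
# With DRY_RUN=1 the command line is printed, one argument per line,
# instead of being executed.
run_thumbnailer_sandboxed() {
    input=$1; output=$2; shift 2
    n=$#
    # Rewrite %i / %o so the thumbnailer never sees a host path.
    for arg in "$@"; do
        case $arg in
            %i) arg=/in/file ;;
            %o) arg=/out/thumb.png ;;
        esac
        set -- "$@" "$arg"
    done
    shift "$n"   # drop the original, unrewritten arguments

    set -- bwrap \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --ro-bind /usr /usr \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --symlink usr/bin /bin \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --ro-bind "$input" /in/file \
        --bind "$output" /out/thumb.png \
        -- "$@"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
        return 0
    fi
    : > "$output"   # the bind-mount source must exist before bwrap starts
    "$@"
}
```

`--unshare-all` drops network access along with the other namespaces, so a parser bug in the thumbnailer is confined to a read-only /usr, one read-only input file and one writable output file.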
