On Nov 23, 2016 2:21 PM, <carlosg@xxxxxxxxx> wrote:
>
> Hi,
>
> > On Nov 23, 2016 8:11 AM, "Stephen John Smoogen" <smooge(a)gmail.com> wrote:
> >
> > Can we leave tracker enabled but disable literally every miner? AFAIK the
>
> That is literally overreacting. Of all tracker processes, only tracker-extract may be expected to open() potentially untrusted files; tracker-miner-fs merely opens private tracker files, and all basic filesystem data extraction is performed through the opendir/stat/inotify_add_watch syscalls. What exactly is insecure in there?
Sorry, maybe I misunderstood what a "miner" is. What I mean is: disable anything that tries to parse file contents. Presumably this means tracker-extract.
>
> Sure, tracker-extract depends on "untrusted" 3rd party libraries, but there is nothing insecure in tracker design to consider its miners an inherent security risk.
Yes there is. It opens files that may be drive-by downloads and parses them with code that was never designed with security in mind, is written in memory-unsafe languages, isn't sandboxed, and apparently loads plugins.
This is every bit as bad as all the crappy wormable antivirus systems on Windows that Google has been busy poking holes in.
>
> > mandatory uses of tracker only care about filenames and don't need contents
> > at all.
>
> Not true, full-text search works over more than filenames.
Full-text search is not mandatory. Nautilus works without it.
>
> >
> > I would go even farther and argue that Fedora should not, by default, ever
> > enable a miner that isn't running in *strict* seccomp mode. If that means
> > that cat pictures aren't identified as such, so be it. And if it means
> > that several Fedora releases go by with a less functional search, that's
> > fine too.
>
> *points to the written above*, you're talking about rendering entire applications useless based on... not exactly sure what.
The applications that depend on tracker-extract are depending on wildly insecure code that exposes a huge attack surface. This is IMO not okay.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
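As an added illustration of what "strict seccomp mode" means for a file parser (this example is not part of the thread and is not tracker code): a child process enters `SECCOMP_MODE_STRICT` before touching the input, so it can only read and write descriptors it already holds, and any later `open()` ends in SIGKILL. `parse_fd`, `run_confined`, `SAMPLE` and the `SANDBOX_*` codes are hypothetical names for this sketch.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
enum { SANDBOX_ERROR = -1, SANDBOX_KILLED = -2, SANDBOX_UNAVAILABLE = -3 };
/* Constructed sample input standing in for a downloaded file. */
static const char SAMPLE[] = "title: cat\nmime: image/jpeg\nsize: 1024\n";
/* Hypothetical stand-in for an extractor: counts newlines read from fd. */
static int parse_fd(int fd) {
    char buf[256]; ssize_t n; int lines = 0;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++) lines += (buf[i] == '\n');
    return lines;
}

/* Child may only read/write/exit; misbehave makes it call open() after parsing. */
int run_confined(const char *data, size_t len, int misbehave) {
    int sv[2], status, result = SANDBOX_ERROR;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return SANDBOX_ERROR;
    pid_t pid = fork();
    if (pid < 0) return SANDBOX_ERROR;
    if (pid == 0) {
        close(sv[0]);
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(3); /* fail closed */
        int lines = parse_fd(sv[1]);
        if (misbehave) (void)open("/dev/null", O_RDONLY); /* SIGKILL here */
        if (write(sv[1], &lines, sizeof lines) < 0) syscall(SYS_exit, 1);
        syscall(SYS_exit, 0); /* glibc _exit() calls exit_group: not allowed */
    }
    close(sv[1]);
    (void)send(sv[0], data, len, MSG_NOSIGNAL); /* no SIGPIPE if child died */
    shutdown(sv[0], SHUT_WR);                   /* EOF for the child's read() */
    ssize_t r = read(sv[0], &result, sizeof result);
    close(sv[0]);
    waitpid(pid, &status, 0);
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL) return SANDBOX_KILLED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 3) return SANDBOX_UNAVAILABLE;
    return r == (ssize_t)sizeof result ? result : SANDBOX_ERROR;
}

int main(void) {
    int ok = run_confined(SAMPLE, sizeof SAMPLE - 1, 0);
    return printf("benign=%d hostile=%d\n", ok, run_confined(SAMPLE, sizeof SAMPLE - 1, 1)) < 0;
}
```

`SANDBOX_UNAVAILABLE` is returned when the kernel or container refuses strict mode, in which case the child exits without parsing anything.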