On Wed, Nov 23, 2016 at 2:58 PM, Andrew Lutomirski <luto@xxxxxxx> wrote:
>
>> > I would go even farther and argue that Fedora should not, by default,
>> > ever enable a miner that isn't running in *strict* seccomp mode. If that
>> > means that cat pictures aren't identified as such, so be it. And if it means
>> > that several Fedora releases go by with a less functional search, that's
>> > fine too.
>>
>> *points to the written above*, you're talking about rendering entire
>> applications useless based on... not exactly sure what.
>
> The applications that depend on tracker-extract are depending on wildly
> insecure code that exposes a huge attack surface. This is IMO not okay.

Fixing this shouldn't even be hard. It could be done like this:

Version A: Instead of having tracker-extract be a dbus service that extracts
directly, have it run tracker-extract once per file. Rather than passing in
the file by name, though, pass it as an fd and run tracker-extract in a
context in which it has read-only access to /usr and /etc and has nothing
else in its namespace.

Version B: Have tracker-extract fork and open the file. Before reading it at
all, though, it heavily sandboxes itself such that it can't use the
filesystem. Then it extracts the file and exits.

It may be that tracker-extract the service is already forking once per file,
in which case these reduce to more or less the same thing.

And I really would argue that Fedora should turn off tracker-extract by
default until something like this gets done. The current state of affairs
is, in my opinion, unacceptably dangerous.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
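Version B from the message above, sketched in C as an added example (not tracker-extract's code and not from the thread): the forked worker opens the file, enters seccomp strict mode before reading a single byte, pulls out a trivial summary and hands it back over a pipe; the parent treats a killed worker as a sandbox violation and refuses to extract at all if the sandbox cannot be applied. All names (`worker`, `extract_sandboxed`, `write_sample_file`, `struct summary`), the exit-code convention and the fake "%PDF" sample file are assumptions constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum { EXTRACT_OK = 0, EXTRACT_IO_ERROR = -1, EXTRACT_NO_SANDBOX = -2, EXTRACT_KILLED = -3 };
struct summary { char magic[4]; long nbytes; };  /* the "metadata" we pull out */
/* Forked worker: open the file, then enter seccomp strict mode (only read,
 * write, exit and sigreturn survive) BEFORE looking at a single byte. */
static void worker(const char *path, int out_fd)
{
    static char buf[1 << 16];                    /* preallocated: no malloc later */
    struct summary s = { { '?', '?', '?', '?' }, 0 };
    int fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) _exit(1);
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) _exit(3); /* fail closed */
    /* From here _exit() would call exit_group and be SIGKILLed: use raw SYS_exit. */
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        if (s.nbytes == 0 && n >= 4) memcpy(s.magic, buf, 4);
        s.nbytes += n;
    }
    if (n < 0 || write(out_fd, &s, sizeof s) != (ssize_t)sizeof s) syscall(SYS_exit, 1);
    syscall(SYS_exit, 0);
}
/* Parent: run the worker, read its result over a pipe, map how it died to a status. */
int extract_sandboxed(const char *path, struct summary *out)
{
    int pfd[2], st; pid_t pid;
    if (pipe(pfd) != 0 || (pid = fork()) < 0) return EXTRACT_IO_ERROR;
    if (pid == 0) { close(pfd[0]); worker(path, pfd[1]); }
    close(pfd[1]); ssize_t got = read(pfd[0], out, sizeof *out); close(pfd[0]);
    if (waitpid(pid, &st, 0) < 0) return EXTRACT_IO_ERROR;
    if (WIFSIGNALED(st)) return EXTRACT_KILLED;  /* sandbox fired: treat input as hostile */
    if (WEXITSTATUS(st) == 3) return EXTRACT_NO_SANDBOX;
    return WEXITSTATUS(st) == 0 && got == (ssize_t)sizeof *out ? EXTRACT_OK : EXTRACT_IO_ERROR;
}
/* Constructed sample input (not a real document): "%PDF-1.7\n" + 1000 filler bytes. */
int write_sample_file(char *tmpl)                /* tmpl: writable "...XXXXXX" template */
{
    char filler[1000]; memset(filler, 'x', 1000); int fd = mkstemp(tmpl);
    int ok = fd >= 0 && write(fd, "%PDF-1.7\n", 9) == 9 && write(fd, filler, 1000) == 1000;
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}
```

EXTRACT_NO_SANDBOX is what you get when the process already runs under a seccomp filter (as in most containers), because strict mode cannot be layered on top of a filter; the parent then skips extraction rather than parsing unsandboxed.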