Re: F24 GStreamer zero day


 



On Thu, 2016-11-24 at 10:02 +0000, Carlos Garnacho wrote:
> Tracker-extract is not as exposed as Firefox, because the file needs
> to be in the local filesystem for starters. The web world is well
> known for figuratively throwing 3rd party media content to your face,
> even in otherwise trusted websites.

I think the concern here is that browsers allow websites to download
files to your computer without any user interaction. Epiphany goes as
far as to open them automatically. I've never previously considered
that it's a security risk, simply because attacking an unsandboxed web
engine seems like a much easier attack vector, but maybe we should
think about changing this behavior.

That said, we cannot stop running tracker on ~/Downloads because we
want to show downloaded files in our core apps. Similarly, we're going
to be processing the files with thumbnailers like the totem thumbnailer
as well. Even if we sandbox tracker-extract, that does nothing to avoid
bugs that exploit the thumbnailer, so we should really be looking at
GStreamer-level mitigation anyway.

Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx



