Hi. On Mo, 2016-12-05 at 16:42 +0100, Carlos Garnacho wrote: > And I should add... Tracker is not alone here, if it's not Tracker > stumbling on infected content, with varying but still rather low > levels of interaction it may be a thumbnailer, a previewer like sushi, > or the web browser itself streaming content which hit this. So there's > more places in need of further isolation when dealing with untrusted > content. > > And still, the chain is only as strong as its weakest link, as soon as > there is anything opening that file with wide enough permissions to > cause any harm, you're essentially screwed. True. Which is why operating on untrusted input with regular privileges is a bad idea™. The cases you've listed require some degree of user intervention though. The blog post described a way which described very little user intervention which makes is more scary than the attacks that you've just described.
> This might sound like an > argument to running every app through flatpak, although I think the > long term answer always is "fix the vulnerability!". Hah! That'd be great! Let's work hard on making that happen. However, I think by now it's safe to assume that we cannot fix all the C code there is. We've tried for the last decade or so. I like the engagement reg. Rust. I hope it'll be successful. Cheers, Tobi _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org https://mail.gnome.org/mailman/listinfo/desktop-devel-list