davidk added a comment.

  Sorry for the late reply and the slow process in general. Real life keeps me busy...
  
  In D8532#198408 <https://phabricator.kde.org/D8532#198408>, @detlefe wrote:
  
  > A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel, and is also the way it has been done for Gnome Tracker. But the concerns about maintenance remain, it probably should be tested regularly. Are there ways this can be automated?
  
  
  If we want to test this, we would need a directory with files for each extractor (kfilemetadata includes such files for its autotests). Then, we should configure seccomp to kill the process if it calls a prohibited syscall. The test should then index all files in the directory. Unfortunately we can't test some things, e.g. the dbus integration and communication with baloo_file. This would need a test which starts the whole extractor as a child process. But I'm not sure if that's feasible. What do you think?
  
  > In case the decision goes in favor of the blacklist, would it be possible to add ptrace, process_vm_readv, process_vm_writev?
  
  That's possible of course.

REPOSITORY
  R293 Baloo

REVISION DETAIL
  https://phabricator.kde.org/D8532

To: davidk, apol, ossi
Cc: detlefe, ngraham, nicolasfella, #frameworks, michaelh

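The test idea from the comment above (kill on a prohibited syscall, run the workload in a child process, check how it exited), as an added example that is not part of the original message or of Baloo's code. It uses a raw seccomp-BPF denylist for the three syscalls named in the thread; `install_denylist`, `run_sandboxed` and the two workload functions are hypothetical names, and Linux 4.14+ headers are assumed.

```c
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

#if defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
#define NATIVE_ARCH AUDIT_ARCH_X86_64 /* assumption: x86_64 build otherwise */
#endif
/* Kill the process if the loaded syscall number equals nr, else fall through. */
#define DENY(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                 BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS)
/* Denylist of the three syscalls named in the thread; returns 0 on success. */
static int install_denylist(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), /* foreign ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(SYS_ptrace), DENY(SYS_process_vm_readv), DENY(SYS_process_vm_writev),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Hypothetical stand-ins for an extractor run: one clean, one making a denied call. */
static void benign_work(void) { (void)getpid(); }
static void calls_ptrace(void) { syscall(SYS_ptrace, 0L /* PTRACE_TRACEME */, 0L, 0L, 0L); }
/* Run fn in a child under the filter: 0 = clean exit, SIGSYS = killed, -1 = other failure. */
static int run_sandboxed(void (*fn)(void)) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {                      /* child: filter first, then the workload */
        if (install_denylist() == 0) { fn(); _exit(0); }
        _exit(2);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : (WEXITSTATUS(status) ? -1 : 0);
}

int main(void) {
    return !(run_sandboxed(benign_work) == 0 && run_sandboxed(calls_ptrace) == SIGSYS);
}
```

On x86_64 a production filter would also need to reject syscall numbers carrying the x32 bit, which this example leaves out.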