On 08/03/11 06:32, Marius Vollmer wrote:
ext Arjan van de Ven<[email protected]> writes:
(we're seeing quite some crashes, which worries me from a security
pov)
In my experience, these crashes happen mostly in the various extractor
modules, which try to parse as many obscure file formats as possible,
sometimes with quationable code. This task is done in separate
processes (with as few capabilities as possible, ideally), to protect
the rest of the system from them.
Just to add to Marius' comments here:
Yes, he is 100% right. From very early on, we decided to design the
extractor as a separate process because we often see crashes with rogue
files pushed through the mill crashing for different reasons. I should
emphasis at this point, this is rarely tracker-extract's fault, but more
commonly the libraries we depend on crashing with interesting files.
We've seen this with GStreamer, libjpeg, libtiff, poppler, etc.
From a security point of view, these crashes are our #1 priority to fix
so please push these bugs upstream OR at least link to them on the
upstream mailing list if they're priority. Right now we have 4 mailing
lists, 2 IRC channels and 4 bug tracking tools (GNOME, Nokia, MeeGo,
Launchpad, and RedHat if you really want to start including others) to
try to keep up with and it is hard to keep up with all of them at the
same time.
On a somewhat related note, I took a look at one of the initial emails
sent to this list by Carsten which linked to this bug:
https://bugs.meego.com/show_bug.cgi?id=1
Presumably you're not still using version 0.7 of Tracker?
Tracker 0.10.x improves start up time for miner-fs DRAMATICALLY because
we don't re-check all parent directories on start up, instead we only
set up monitors (which takes seconds for thousands of directories).
Later with FANotify, this will be even faster, but we're still
developing such technology.
--
Regards,
Martyn
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines
