D8532: [WIP] Restrict file extractor with Seccomp

davidk added a comment. Restricted Application edited subscribers, added: kde-frameworks-devel; removed: Frameworks. I was asked in private about the current state of libseccomp integration and why there was no progress in a long time. The current state is, that I have implemented seccomp

D8532: [WIP] Restrict file extractor with Seccomp

davidk added a comment. In D8532#215476 , @michaelh wrote: > I don't know Seccomp. But as far as I understood this, the same concers apply to the `baloo_file_temp_extractor` baloo-widgets is using. Naivly I suggest to implement this

D8532: [WIP] Restrict file extractor with Seccomp

davidk added a comment. Sorry for the late reply and the slow process in general. Reallife keeps me busy... In D8532#198408 , @detlefe wrote: > A whitelist, even if it is broad, would be desirable to reduce the attack surface of the kernel,

D8532: [WIP] Restrict file extractor with Seccomp

davidk edited the summary of this revision. REPOSITORY R293 Baloo REVISION DETAIL https://phabricator.kde.org/D8532 To: davidk, apol, ossi Cc: ngraham, nicolasfella, #frameworks, michaelh

D8532: [WIP] Restrict file extractor with Seccomp

davidk added a comment. So, are there any more opinions on the whitelist vs. blacklist topic? Personally I still prefer the blacklist as I fear regressions in the future, especially because baloo is unmaintained. REPOSITORY R293 Baloo REVISION DETAIL https://phabricator.kde.org/D8532

D8532: [WIP] Restrict file extractor with Seccomp

davidk edited the summary of this revision. davidk edited the test plan for this revision. REPOSITORY R293 Baloo REVISION DETAIL https://phabricator.kde.org/D8532 To: davidk, apol, ossi Cc: ngraham, nicolasfella, #frameworks, michaelh

D8532: [WIP] Restrict file extractor with Seccomp

davidk updated this revision to Diff 26108. davidk added a comment. Update TODO items. REPOSITORY R293 Baloo CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8532?vs=21469=26108 BRANCH seccomp REVISION DETAIL https://phabricator.kde.org/D8532 AFFECTED FILES CMakeLists.txt

D8998: Add FindSeccomp to find-modules

This revision was automatically updated to reflect the committed changes. Closed by commit R240:c30802019895: Add FindSeccomp to find-modules (authored by davidk). REPOSITORY R240 Extra CMake Modules CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8998?vs=26106=26107 REVISION DETAIL

D8998: Add FindSeccomp to find-modules

davidk added a comment. Thanks for your review. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin, cgiboudeaux Cc: cgiboudeaux, #frameworks, #build_system, michaelh

D8998: Add FindSeccomp to find-modules

davidk updated this revision to Diff 26106. davidk added a comment. Fix version. REPOSITORY R240 Extra CMake Modules CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8998?vs=24751=26106 BRANCH master REVISION DETAIL https://phabricator.kde.org/D8998 AFFECTED FILES

D8998: Add FindSeccomp to find-modules

davidk added a comment. @cgiboudeaux is it ready to go now? REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: cgiboudeaux, #frameworks, #build_system, michaelh

D8998: Add FindSeccomp to find-modules

davidk marked 14 inline comments as done. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: cgiboudeaux, #frameworks, #build_system

D8532: [WIP] Restrict file extractor with Seccomp

davidk added a comment. In https://phabricator.kde.org/D8532#175079, @ossi wrote: > you *really* should use a whitelist. it's ok if that breaks some 3rdparty extractor; you'll get a bug report which you can properly evaluate. > you could go totally overboard and assign fine-grained

D8998: Add FindSeccomp to find-modules

davidk marked 2 inline comments as not done. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: cgiboudeaux, #frameworks, #build_system

D8998: Add FindSeccomp to find-modules

davidk marked 8 inline comments as not done. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: cgiboudeaux, #frameworks, #build_system

D8998: Add FindSeccomp to find-modules

davidk updated this revision to Diff 24751. davidk marked an inline comment as done. davidk added a comment. Fix remaining problems REPOSITORY R240 Extra CMake Modules CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8998?vs=22958=24751 BRANCH master REVISION DETAIL

D8998: Add FindSeccomp to find-modules

davidk marked 7 inline comments as done. davidk added a comment. Thank you, missed this when renaming the docs. INLINE COMMENTS > cgiboudeaux wrote in FindSeccomp.cmake:12 > so, what about naming your variables Seccomp_LIBRARIES and > Seccomp_INCLUDE_DIRS in the file ? WellI'm for it!

D8998: Add FindSeccomp to find-modules

davidk updated this revision to Diff 22958. davidk added a comment. Fix variable names REPOSITORY R240 Extra CMake Modules CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8998?vs=22931=22958 BRANCH master REVISION DETAIL https://phabricator.kde.org/D8998 AFFECTED FILES

D8998: Add FindSeccomp to find-modules

davidk marked 3 inline comments as done. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: #frameworks, #build_system

D8998: Add FindSeccomp to find-modules

davidk updated this revision to Diff 22931. davidk added a comment. Remove apparently unneeded version check REPOSITORY R240 Extra CMake Modules CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8998?vs=22922=22931 BRANCH master REVISION DETAIL

D8998: Add FindSeccomp to find-modules

davidk added inline comments. INLINE COMMENTS > graesslin wrote in FindSeccomp.cmake:50-55 > No idea, that's copy pasted from some other cmake modules. Well, based on the fact that no other find-module includes such a check, I will remove it. REPOSITORY R240 Extra CMake Modules REVISION

D8998: Add FindSeccomp to find-modules

davidk added inline comments. INLINE COMMENTS > FindSeccomp.cmake:50-55 > +if(CMAKE_VERSION VERSION_LESS 2.8.12) > +message(FATAL_ERROR "CMake 2.8.12 is required by FindSeccomp.cmake") > +endif() > +if(CMAKE_MINIMUM_REQUIRED_VERSION VERSION_LESS 2.8.12) > +message(AUTHOR_WARNING "Your

D8998: Add FindSeccomp to find-modules

davidk added a reviewer: graesslin. REPOSITORY R240 Extra CMake Modules REVISION DETAIL https://phabricator.kde.org/D8998 To: davidk, graesslin Cc: #frameworks, #build_system

D8998: Add FindSeccomp to find-modules

davidk created this revision. Restricted Application added projects: Frameworks, Build System. Restricted Application added subscribers: Build System, Frameworks. REVISION SUMMARY This is copied from KScreenlocker, but will be utilized in Baloo too. TEST PLAN - Autotests are working -

D8461: Remove unused config.h.cmake entries

This revision was automatically updated to reflect the committed changes. Closed by commit R293:d636fdc569ea: Remove unused config.h.cmake entries (authored by davidk). REPOSITORY R293 Baloo CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8461?vs=22171=22172 REVISION DETAIL

D8461: Remove unused config.h.cmake entries

davidk updated this revision to Diff 22171. davidk added a comment. Improve commit message REPOSITORY R293 Baloo CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8461?vs=21277=22171 BRANCH cleanup REVISION DETAIL https://phabricator.kde.org/D8461 AFFECTED FILES

D8330: Open files in TagLib extractor readonly

This revision was automatically updated to reflect the committed changes. Closed by commit R286:098d62874591: Open files in TagLib extractor readonly (authored by davidk). REPOSITORY R286 KFileMetaData CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8330?vs=20855=22170 REVISION

D8461: Remove unused config.h.cmake entries

davidk added a comment. Thanks for the git hint and the revew. Then we should remove this code too. REPOSITORY R293 Baloo BRANCH cleanup REVISION DETAIL https://phabricator.kde.org/D8461 To: davidk, dfaure Cc: dfaure, #frameworks

D8330: Open files in TagLib extractor readonly

davidk added a comment. In https://phabricator.kde.org/D8330#165813, @ngraham wrote: > @davidk, I think you have commit rights; do you want to do the honors? Yes I have commit rights. I'l land it at the weekend. Thanks for your feedback! REPOSITORY R286 KFileMetaData BRANCH

D8532: [WIP] Restrict file extractor with Seccomp

davidk created this revision. Restricted Application added a project: Frameworks. Restricted Application added a subscriber: Frameworks. REVISION SUMMARY Use Seccomp for implementing a sandbox for baloo_file_extractor This change introduces a new optional dependency on libseccomp.

D8461: Remove unused config.h.cmake entries

davidk updated this revision to Diff 21277. davidk added a comment. Fix commit message. REPOSITORY R293 Baloo CHANGES SINCE LAST UPDATE https://phabricator.kde.org/D8461?vs=21276=21277 BRANCH cleanup REVISION DETAIL https://phabricator.kde.org/D8461 AFFECTED FILES

D8461: Remove unused config.h.cmake entries

davidk created this revision. Restricted Application added a project: Frameworks. Restricted Application added a subscriber: Frameworks. REVISION SUMMARY I'm not sure why they were introduced, but they aren't used anywhere in the code. TEST PLAN - "grep -r HAVE_MALLOC_H baloo" -

D8330: Open files in TagLib extractor readonly

davidk added reviewers: vhanda, cgiboudeaux, dfaure. davidk added a comment. Adding some devs who worked on kfilemetadata in the past. REPOSITORY R286 KFileMetaData REVISION DETAIL https://phabricator.kde.org/D8330 To: davidk, #frameworks, vhanda, cgiboudeaux, dfaure Cc: mgallien,

D8330: Open files in TagLib extractor readonly

davidk added a comment. In https://phabricator.kde.org/D8330#156180, @mgallien wrote: > I am not sure about the qWarning. > I would prefer another opinion on that. Some other extractors also print warnings. I think it's the only way a user can spot such problems. But let's

D8330: Open files in TagLib extractor readonly

davidk created this revision. Restricted Application added a project: Frameworks. Restricted Application added a subscriber: Frameworks. REVISION SUMMARY This is useful if the extractor runs sandboxed, and read-write file access is denied. TagLib would retry it readonly, but this saves one

Re: Review Request 125171: Remove the documentation of the non-existent parameter "desktop"

marked as submitted. Review request for KDE Frameworks and Plasma. Changes --- Submitted with commit 8a85589afc0b6c242ab50177bc4b0259268352a7 by David Kahles to branch master. Repository: plasma-framework Description --- Remove the documentation of the non-existent parameter

Review Request 125171: Remove the documentation of the non-existent parameter "desktop"

d Thanks, David Kahles ___ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel

Re: Review Request 125171: Remove the documentation of the non-existent parameter "desktop"

iff: https://git.reviewboard.kde.org/r/125171/diff/ Testing --- Nothing, I think there's no testing needed Thanks, David Kahles ___ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel