Bug 774498 - Can we sandbox tracker-extract with bubblewrap?
Status: RESOLVED DUPLICATE of bug 764786
Product: tracker
Classification: Core
Component: Extractor
Version: 1.1.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: tracker-extractor
QA Contact: tracker-extractor
Reported: 2016-11-15 23:07 UTC by Elad Alfassa
Modified: 2017-07-22 06:06 UTC
GNOME target: ---
GNOME version: ---



Description Elad Alfassa 2016-11-15 23:07:20 UTC
Inspired by this tracker-related 0day, https://scarybeastsecurity.blogspot.co.il/2016/11/0day-poc-risky-design-decisions-in.html

Can we sandbox tracker-extract using bubblewrap[1]? tracker-extract involves parsing a lot of different file types, and since tracker is commonly configured to index quite a lot by default, it's an "obvious" candidate for sandboxing to reduce attack surface.


[1] https://github.com/projectatomic/bubblewrap
Comment 1 Christian Stadelmann 2016-11-17 21:19:34 UTC
Duplicate of https://bugzilla.gnome.org/show_bug.cgi?id=764786.
Comment 2 Elad Alfassa 2016-11-17 21:42:47 UTC

*** This bug has been marked as a duplicate of bug 764786 ***