- Timestamp: Jul 22, 2015, 4:59:55 AM (9 years ago)
- Author: mmcco
- Comment: Pidgin processes need continued access to /usr/share for GTK stuff, other related privsep fixes
v52 | v53 |
135 | 135 | Privilege separation is one of the easiest ways to improve Pidgin's security. |
136 | 136 | |
137 | | Generally, there are only two types of file access for Pidgin/libpurple: |
| 137 | After initial library loading, there are three types of file access for Pidgin: |
138 | 138 | * access to libpurple-specific files in `~/.purple/` |
139 | 139 | * access to files in arbitrary locations for file transfers |
| 140 | * GTK-related files (icons, etc.) from `/usr/share` |
140 | 141 | |
141 | | This makes the solution pretty clear: have a process for Pidgin's core that's chrooted to `~/.purple/` and a file transfer helper process with arbitrary file access. |
| 142 | Of course, the third does not apply to libpurple. |
142 | 143 | |
143 | | Later, additional daemons could be added for things like logging and chrooted to subdirectories of `~/.purple/`. This would further protect user credentials and OTR keys. |
| 144 | This suggests a solution: we can have a process for Pidgin's core that's restricted to `~/.purple/` and `/usr/share`, and a file transfer helper process with arbitrary file access. |
| 145 | |
| 146 | Later, additional daemons could be added for things like logging and restricted to subdirectories of `~/.purple/`. This would further protect user credentials and OTR keys. |
144 | 147 | |
145 | 148 | === Breakages === |
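Review bot: New lines 144 and 146 replace "chrooted" with "restricted" but never name the mechanism that enforces the restriction. A single chroot has one root, so it cannot confine the core process to both `~/.purple/` and `/usr/share` without bind mounts or copying files into the jail; the page should say what is meant to enforce this instead, and state that `/usr/share` only needs read access while `~/.purple/` needs read/write. Separately, line 137 now says "Pidgin" where v52 said "Pidgin/libpurple", and line 142 only notes that the third item "does not apply to libpurple"; it would be clearer to state outright that a libpurple-only core process needs `~/.purple/` alone, so other libpurple front ends are not read as needing `/usr/share`.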