On Tue, Mar 8, 2011 at 8:35 AM, Arjan van de Ven <ar...@linux.intel.com>wrote:
> On 3/8/2011 1:39 AM, Martyn Russell wrote: > >> On 08/03/11 06:32, Marius Vollmer wrote: >> >>> ext Arjan van de Ven<ar...@linux.intel.com> writes: >>> >>> (we're seeing quite some crashes, which worries me from a security >>>> pov) >>>> >>> >>> In my experience, these crashes happen mostly in the various extractor >>> modules, which try to parse as many obscure file formats as possible, >>> sometimes with quationable code. This task is done in separate >>> processes (with as few capabilities as possible, ideally), to protect >>> the rest of the system from them. >>> >> >> Just to add to Marius' comments here: >> >> Yes, he is 100% right. From very early on, we decided to design the >> extractor as a separate process because we often see crashes with rogue >> files pushed through the mill crashing for different reasons. I should >> emphasis at this point, this is rarely tracker-extract's fault, but more >> commonly the libraries we depend on crashing with interesting files. We've >> seen this with GStreamer, libjpeg, libtiff, poppler, etc. >> > > kinda scary... we need to pay close attention to these. We need to pay *extremely* close attention to these. These types of failures are indicative of buffer handling errors. If we aren't handling these buffers correctly (for whatever reason), then we *will* have security issues. Be it tracker-extract's fault or one of it's dependent libraries, these behaviors are not acceptable in MeeGo. Ryan
_______________________________________________ MeeGo-dev mailing list MeeGo-dev@meego.com http://lists.meego.com/listinfo/meego-dev http://wiki.meego.com/Mailing_list_guidelines