fvogt added a comment.
AFAICT this won't actually protect much - the open DBus socket is enough to execute arbitrary programs. The best design would be (IMO, not sure how well the current architecture fits) to have a fully sandboxed executable which can only communicate with baloo over a single socket. Over that socket it receives a (read-only) file descriptor for the to-be-dissected file and then sends the result to baloo.

REPOSITORY
R293 Baloo

REVISION DETAIL
https://phabricator.kde.org/D8532

To: davidk, apol, ossi, #frameworks, smithjd, bruns
Cc: fvogt, mgallien, kde-frameworks-devel, michaelh, #baloo, detlefe, ngraham, nicolasfella, ashaposhnikov, astippich, spoorun, bruns, abrahams
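
The design described in the comment above, as an added sketch that is not part of the original comment or of Baloo's code: the indexer opens the file read-only and passes only the descriptor over a socketpair, and the worker sends its result back over the same socket. The names `worker`, `dissect` and `REPLY` are hypothetical, byte counting stands in for real extraction, and the sandbox itself is assumed and not shown.

```python
import os
import socket
import struct

REPLY = struct.Struct("!q?")   # constructed reply format: bytes read, write refused


def worker(sock):
    """Hypothetical extractor: sees no path, only the descriptor it is handed."""
    # Assumption: a real worker would already be confined before this point.
    _, fds, _, _ = socket.recv_fds(sock, 1, 1)      # SCM_RIGHTS under the hood
    size = 0
    while chunk := os.read(fds[0], 4096):           # stand-in for real parsing
        size += len(chunk)
    try:
        os.write(fds[0], b"x")                      # O_RDONLY travels with the fd
        refused = False
    except OSError:
        refused = True
    sock.sendall(REPLY.pack(size, refused))


def dissect(path):
    """Indexer side: open read-only, pass the fd, read back the fixed-size reply."""
    ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                                    # child keeps only its socket end
        ours.close()
        try:
            worker(theirs)
        finally:
            os._exit(0)
    theirs.close()
    fd, reply = -1, b""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_CLOEXEC)
        socket.send_fds(ours, [b"f"], [fd])
        reply = ours.recv(REPLY.size, socket.MSG_WAITALL)
    finally:
        if fd >= 0:
            os.close(fd)
        ours.close()                                # unblocks a still-waiting worker
        os.waitpid(pid, 0)
    if len(reply) != REPLY.size:                    # worker died before answering
        raise RuntimeError("worker returned no result")
    return REPLY.unpack(reply)
```

The worker's write attempt fails because the access mode belongs to the open file description that was passed, so the worker cannot upgrade it without being able to reopen the path.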