ID: 630PHID: PHID-TASK-5ypghlijurqrjpnp26flAuthor: HulaHoopStatus at Migration Time: wontfixPriority at Migration Time: Low
Repost:
Automated browser downloads + bug ridden FS indexing parsers like KDE Baloo are a serious threat to systems and a really easy way to mount RCEs on desktops.
AFAIK Baloo is disabled by default but I’m not sure. Can you confirm that it is if its not the case? and of course we need to keep an eye out for it on Whonix Stretch.
Phoronix is the leading technology website for Linux hardware reviews, open-source news, Linux benchmarks, open-source benchmarks, and computer hardware performance tests.
2017-04-13 19:23:29 UTC
2017-06-16 19:36:50 UTC
It appears that baloo is disabled by default. On a fresh WS:
balooctl status
it says disabled.
Baloo is installed by default in both GW and WS
If baloo shouldn’t be on by default in Whonix, then lets not include the baloo package (and 2 dependencies?) at all.
dpkg -l | baloo
Hmm but apt-get remove shows that dolphin and some whonix packages (??) depend on it.
2017-06-16 19:41:11 UTC
2017-06-16 21:29:47 UTC
It’s off by default. If someone enables it by choice, should we warn them to turn it off? Warn them that it’s another attack vector? Is it a big enough security risk? whonixcheck shouldn’t be in charge of checking and warning the user about most modifications they make that may be attack vectors.
Compromise: Kick the problem to deb 10 and see if they’ve turned it on by default. Worry about it then.
2017-06-16 23:17:47 UTC
JasonJAyalaP (Jason J. Ayala P.):
JasonJAyalaP added a comment.
It’s off by default. If someone enables it by choice, should we warn
Good question. My idea was to make sure it stays disabled in Debian 10
Compromise: Kick the problem to deb 10 and see if they’ve turned it
Right.
2018-11-20 15:59:47 UTC