Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • T tails
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 931
    • Issues 931
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 18
    • Merge requests 18
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • tails
  • tails
  • Issues
  • #14612

Closed
Open
Created Sep 07, 2017 by anonym@anonymMaintainer

Pidgin exposes everything through its D-Bus service

Originally created by @anonym on #14612 (Redmine)

See e.g.: https://developer.pidgin.im/wiki/DbusHowto

So Tor Browser can totally sniff your buddy list and send your friends creepy messages.

Disabling this interface some how would solve this, but we’re gonna use it in Tails Server’s client application, to automate account creation, joining the right chat, etc. intrigeri tells me we could do D-Bus mediation with AppArmor once Linux 4.16 is available to us (unless it’s delayed) which sounds ideal.

Feature Branch: bugfix/14612-deny-access-to-pidgin-dbus-service

Related issues

  • Blocks #13234 (closed)
Edited May 15, 2020 by anonym
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking