flathub / org.kde.okular

https://flathub.org/apps/details/org.kde.okular

removed host filesystem access, replaced with sane locations #308

Closed boredsquirrel closed 1 year ago

boredsquirrel commented 1 year ago

It should not have host access.

This is not hardening, it's simply all the locations media files actually are at. It's a start for easier hardening, also for users.

tsdgeos commented 1 year ago

Why do you think I should not be allowed to the valgrind manual located at /usr/share/doc/valgrind/valgrind_manual.pdf ?

boredsquirrel commented 1 year ago

Didn't know that was a thing. Better?

tsdgeos commented 1 year ago

I don't know, I honestly don't see the point of this change.

boredsquirrel commented 1 year ago

Okular can now write to certain locations, for example edited PDFs, and the others are still readable. There are lots of separate directories, so users can simply uncheck them.

Before: read and modify the whole system

Here: modify selected parts separated into directories, read everything

It's not secure or isolated or anything, but more transparent and choosable.

tsdgeos commented 1 year ago

Before: All paths on the system are readable

Now: Some paths are not

Doesn't seem an improvement to me.

Erick555 commented 1 year ago

Why do you think I should not be allowed to the valgrind manual located at /usr/share/doc/valgrind/valgrind_manual.pdf ?

This is an unfortunate example, since --filesystem=host, which is currently used by okular, doesn't allow access to that path, so this PR changes nothing in this regard.

This path and all others are still accessible through the file portal (with all file portal limitations).
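Added example, not part of the thread or of the PR: a simplified Python model of how a Flatpak `filesystems=` list maps to direct access for a given host path, to compare a "before" and "after" permission set as discussed above. The `AFTER` list is constructed for illustration (the PR's actual list is not shown on this page); the XDG directory names, the `/home/user` home and the "strongest matching grant wins, negations not modelled" rule are assumptions.

```python
from pathlib import PurePosixPath

# Subset of Flatpak's documented reserved paths: grants (including "host")
# never expose these at their normal location inside the sandbox.
RESERVED = [PurePosixPath(p) for p in (
    "/app", "/bin", "/dev", "/etc", "/lib", "/lib32", "/lib64",
    "/proc", "/sbin", "/usr")]
# Assumed default XDG user directories; real systems may configure others.
XDG = {"xdg-documents": "Documents", "xdg-download": "Downloads",
       "xdg-pictures": "Pictures", "xdg-music": "Music",
       "xdg-videos": "Videos", "xdg-desktop": "Desktop"}

def _under(path, root):
    return path == root or root in path.parents

def _root(name, home):
    """Map one filesystem token to the host directory it grants."""
    if name == "host":
        return PurePosixPath("/")
    if name in ("home", "~"):
        return home
    if name.startswith("~/"):
        return home / name[2:]
    head, _, rest = name.partition("/")
    if head in XDG:
        return home / XDG[head] / rest
    return PurePosixPath(name) if name.startswith("/") else None

def access(filesystems, path, home="/home/user"):
    """Return 'rw', 'ro' or None (reachable only through the file portal)."""
    home, path = PurePosixPath(home), PurePosixPath(path)
    if any(_under(path, r) for r in RESERVED):
        return None
    best = None
    for entry in filesystems:
        name, _, mode = entry.partition(":")
        root = _root(name, home)
        if root is None or not _under(path, root):
            continue
        if mode != "ro":          # no suffix, :rw and :create all allow writes
            return "rw"
        best = "ro"
    return best

BEFORE = ["host"]                                     # what the thread says okular uses
AFTER = ["host:ro", "xdg-documents", "xdg-download"]  # constructed, not the PR's list
```
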

flathubbot commented 1 year ago

Started test build 61901