Document security implications of HTTP endpoints
There are two ways you can use Tracker to open an HTTP port:
- tracker endpoint --http-port
- tracker_endpoint_http_new()
We should document the security implications of opening an HTTP port in both places, in particular:
- If you open an HTTP endpoint for the Tracker Miner FS database, anyone on the same network as you can run arbitrary queries on your search data.
- There is (AFAICS) no mechanism to change or remove data via the HTTP endpoint. (There is a risk that a bug in libtracker-sparql exploited over HTTP could be used to change or remove data.)
- Linking libtracker-sparql into a larger service exposes that service to risks - a bug in libtracker-sparql exploitable over HTTP could be used to control that service by an attacker.
Sounds paranoid, but the internet is a dangerous place and we should be very clear: if anyone uses this code in a commercial product or web service, it's up to them to do a security audit.