Sebastian Wick
Sebastian Wick
Maybe I should try to explain why I would like to keep the native messaging host functionality out of portals and expand a bit on the alternative that I'm suggesting....
The problem isn't who execs the native messaging hosts. The problem is that the native messaging hosts might expose APIs on that socket which can be used to escape the...
> As you correctly https://github.com/flatpak/xdg-desktop-portal/pull/1537#issuecomment-2579960342, this is by design and more or less the point of Native Messaging This is not by design, it's just how it turned out to...
Sorry, but the correct response to "this PR contains a security vulnerability" is not to go ahead and merge it.
Rebased because of the testing changes. Works locally but somehow CI fails with the `GetPipes` call with `org.freedesktop.DBus.Error.AccessDenied: Invalid session`. https://github.com/swick/xdg-desktop-portal/commits/wip/webextensions
The fundamental security concerns are still valid and seem to require more fundamental changes to how native messaging works. This is still an important feature and we'd rather have it...
Hey James, good to see you active here! Thanks for looking over the code. I did fix the fd leaks and added a test to make sure that the client...
/ping @chrisawi
Given that this seems to be an old pipewire issue, should we close this?