Pidgin exposes everything through its D-Bus service
See e.g.: https://developer.pidgin.im/wiki/DbusHowto
So Tor Browser can totally sniff your buddy list and send your friends creepy messages.
Disabling this interface some how would solve this, but we’re gonna use it in Tails Server’s client application, to automate account creation, joining the right chat, etc. intrigeri tells me we could do D-Bus mediation with AppArmor once Linux 4.16 is available to us (unless it’s delayed) which sounds ideal.
Feature Branch: bugfix/14612-deny-access-to-pidgin-dbus-service
Related issues
- Blocks #13234 (closed)
Original created by @anonym on 14612 (Redmine)