Remote execution in the GNOME tracker
While the vulnerability itself is pretty run-of-the-mill, the recently disclosed GNOME vulnerability has a number of interesting facets. The problem lies in a library that reads files in a fairly obscure format, but it turns out that files in that format are routinely—automatically—processed by GNOME if they are downloaded to the local system. That turns a vulnerability in a largely unknown library into a one-click remote-code-execution flaw for the GNOME desktop.
libcue vulnerability
The bug was found by Kevin Backhouse, who reported it in an admirably detailed disclosure on the GitHub blog; Backhouse is a security researcher at GitHub. The cue sheet format, which stores information about the tracks on a compact disc (CD), is at the heart of the problem. The actual flaw was found and fixed in the libcue parsing library for the format. Its bison-based parser uses the venerable (and problematic) atoi() function to convert a string to an integer—without any kind of integer overflow check.
That means that an entry in the cue file, which could be coming from an untrusted source, can produce a negative number in an unexpected place. In and of itself that is not a security problem, but the value is used (as i) in the track_set_index() function without a proper sanity check:
if (i > MAXINDEX) {
fprintf(stderr, "too many indexes\n");
return;
}
track->index[i] = ind;
A negative i will obviously cause a write outside of the array
bounds at an attacker-controlled location. In addition, the value of
ind comes from the cue file, so an attacker can use it to write a
value of their choosing to a location they control. That's a recipe for
compromise, of course. The fix is simple: also check for a negative
i in the test—or use an unsigned value.
Normally, though, one would not really expect to use either the file format or libcue except in applications that are dealing with CDs in various ways: rippers, music players, and the like. If those applications use libcue and processed a malicious cue file, they were vulnerable, but the scope of the problem would have been far more limited. There is another user of the library that operates in a less-obvious fashion, however: the GNOME desktop tracker search engine automatically parses files that get stored in certain directories.
Tracker makes it easier for users to search for things on their desktop, but it also exposes the parsing process to potentially malicious content. Clicking a link in a browser that results in downloading a cue file will result in the tracker miner running a tracker-extract process for the cue format, which uses libcue. Beyond just that format, though, there may be vulnerabilities lurking in parsers and libraries for other formats that are automatically parsed by tracker.
But, as reported by Backhouse, the GNOME tracker developers were at first surprised that his exploit (which he shows in a video, but the code is not yet released) was able to escape the sandbox that is being used for the tracker miners. He had encountered the sandbox while working on his exploit, but did not recognize what it was; he hit an error message about a disallowed system call, but tried another path that avoided the call, which worked. The biggest problem he needed to solve was how to route around the address-space layout randomization (ASLR) applied to the tracker-extract program.
Sandbox weakness
It turns out that the sandbox used by tracker-extract had a known weakness, as tracker developer Carlos Garnacho reported on his blog. It is based on seccomp() filters and is quite restrictive in what it allows:
Tracker took the most restrictive approach, making every system call fail with SIGSYS by default, and carving the holes necessary for correct operation of the many dependencies within the operational parameters established by yours truly (no outside network access, no filesystem write access, no execution of subprocesses). The list of rules is quite readable in the source code, every syscall there has been individually and painstakingly collected, evaluated, and pondered for inclusion.
But those policies were not applied throughout, unfortunately; there were things that the tracker needed to be able to do that could not easily be allowed while still maintaining tight restrictions on the rest. So the tracker developers took a shortcut and only applied the seccomp() restrictions to the thread that did the actual parsing and not to the main dispatcher thread. That way, the main thread could still perform the other system calls, but, of course, all of the threads share the same address space. So, the vulnerability in libcue overwrote memory in a way that caused the main thread to misbehave. As Garnacho noted, rather apologetically, that led to this highly visible vulnerability:
While not perfectly airtight, the sandbox in this case is already a defense in depth measure, only applicable after other vulnerabilities (most likely, in 3rd party libraries) were already successfully exploited, all that can be done at that point is to deter and limit the extent of the damage, so the sandbox role is to make it not immediately obvious to make something harmful without needle precision. While the "1-click exploit in GNOME" headline is surely juicy, it had not happened for these 7 years the sandbox existed, despite our uncontrollable hose of dependencies (hi, GStreamer), or our other dependencies with a history of CVEs (hi Poppler, libXML et al), so the sandbox has at least seemed to fulfill the deterrence role.But there is that, I knew about the potential of a case like this and didn't act in time. I personally am not sure this is a much better defense than "I didn't know better!".
Garnacho has since made a series
of changes to include the main thread in the
seccomp()-protected sandbox. He recognizes that there will be
fallout from that change: "one does not go willy-nilly adding paranoid
sandbox restrictions to a behemoth like GStreamer and call it an early
evening
". He is hopeful that, after a release or two, the reports of
problems will "settle back to relatively boring
"; he also has some
ideas for future security enhancements and suggests that the "rewrite it in
Rust" folks consider working on some of the tracker-extract dependencies.
While this is a serious vulnerability that has put a lot of systems at risk, it seems to have been handled well by the libcue and tracker developers; the bug was also managed well by Backhouse, according to Garnacho. There are no reports of it being exploited in the wild and fixes should be available "everywhere" at this point, so the community has largely dodged a bullet. The reports by Backhouse and Garnacho are useful for understanding the bugs, and for hopefully avoiding some of these kinds of problems in the future. An upcoming post from Backhouse, which will include the proof-of-concept exploit and some additional information about his efforts, should prove instructive as well.
There is a lot of noise about rewriting the world in memory-safe languages, which is certainly a noble goal. But, in the meantime, we are all running lots of code from non-memory-safe languages on our systems. In order for that to change, these rewrites are going to have to integrate well with the existing infrastructure—or we are going to have to wait for all of that infrastructure to be rewritten as well. Finding ways to work in memory-safe replacements for existing components in the interim may well prove to be a larger challenge than the already-huge job of doing the rewrites.
Something that should be considered, perhaps, is scrutinizing all of these "convenient" things that our desktops do behind the scenes. Those actions may be buying security headaches that are worse than the convenience being gained—at least for some users. Desktops that automatically mount USB devices, potentially leading to kernel crashes or compromises, are a case in point. Even with proper sandboxes, or replacement with memory-safe equivalents, there are probably more surprises of an unpleasant variety awaiting processes that auto-parse untrusted input. There is a balance to be struck between security and convenience, for sure, but one wonders at times if the pendulum has moved too far in the convenience direction.
Posted Oct 11, 2023 21:36 UTC (Wed)
by roc (subscriber, #30627)
[Link]
Posted Oct 12, 2023 9:24 UTC (Thu)
by jengelh (guest, #33263)
[Link] (14 responses)
There is a somewhat low-hanging fruit here: Write programs with a process model in mind, e.g. like Postfix has employed it successfully for over 20 years. X and Wayland are essentially also process-based environments with IPC going on between a compositor and a program that paints into a buffer.
Posted Oct 12, 2023 12:14 UTC (Thu)
by grawity (subscriber, #80596)
[Link] (13 responses)
In a sense, that's what tracker-extract already was – it's a worker process that gets a job queue via IPC from tracker-miner (the crawler) and stores results via IPC in tracker proper (the database).
The problem is that those processes need to sandbox themselves competently, otherwise you get this.
Posted Oct 12, 2023 14:38 UTC (Thu)
by tialaramex (subscriber, #21167)
[Link] (10 responses)
No. There is no need for this to be written in a general purpose programming language and then try to "sandbox" it. This component should be written in WUFFS. Because WUFFS isn't a general purpose language, it's not necessary that functions such as "If the right bytes are provided as input, execute arbitrary code to escape from a sandbox" can be written even on purpose, let alone by accident.
In WUFFS: A buffer overflow won't compile. Not "Oh we add runtime bounds checks for you", it just says nah, this code might have a bounds miss so you can't do that. You can write your own bounds check and, if it's correct, that'll work, most likely you'll write "fast" code that doesn't need bounds checks, and, again, if it's correct that'll work too.
WUFFS is focused on mechanically proving that whatever you've written is safe. Is it correct? Don't care. But it's safe. Maybe you write some WUFFS to turn JPEGs into 16x16 thumbnail images. Does it produce orange blocks for an input of a grassy landscape even thought that's clearly wrong? WUFFS doesn't care. But what it won't do is oops, I just executed the sixth lines of pixels as raw machine code on your computer.
Everybody (phone vendors, browsers, and in this case Linux desktop environments) needs to stop trying to use "sandboxes" for their own code rather than just using provably safe techniques so it's faster and not ridden with security holes.
Posted Oct 12, 2023 15:54 UTC (Thu)
by eru (subscriber, #2753)
[Link]
Posted Oct 12, 2023 16:07 UTC (Thu)
by pizza (subscriber, #46)
[Link] (8 responses)
Sure, for a _new_ parser it's logical to use more modern tooling for parsers and other sensitive code. Meanwhile, in the real world, WUFFS' first (public) commit was in April 2017 versus June 2004 for libcue. How dare its authors not have a time machine!
So unless you're volunteering to write (or fund) a new parser using wuffs, and update all of the applications that use libcue to use this new parser... oh, and multiply that by the hundreds of other parsers out there and the tens of thousands of applications that use them...
That's why sandboxes are used; it allows vastly improved safety _today_ with old code, while you wait for safely-rewritten stuff to be usable. If ever.
Posted Oct 12, 2023 17:42 UTC (Thu)
by Tobu (subscriber, #24111)
[Link] (1 responses)
Posted Oct 13, 2023 8:07 UTC (Fri)
by epa (subscriber, #39769)
[Link]
Posted Oct 12, 2023 18:16 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link] (4 responses)
Part of the problem, though, is a false sense of security. People believe their sandbox will protect them, so they don't bother to do other things like rewriting in a safer language. It's a general problem with defense in depth strategies. Anyone without exceptional discipline tends to relax because someone else is taking care of the problem. The net result is you wind up with much less security than you'd expect because the individual layers are less effective than they would be in isolation. This is by no means limited to computers. You see it anywhere this kind of layered defense approach is used.
Of course this is an obscure library for an obscure format that hasn't been very relevant for a while, so it's quite possible it would never get updated until someone found a security hole. If that's the case, maybe it shouldn't be installed by default. It seems like a good case for reducing attack surface by installing fewer libraries. The system should be able to ignore files in unknown formats, so not installing libraries for unused formats would just result in files from those formats being skipped. People who install libraries to deal with .cue files would still be vulnerable, but anyone who doesn't need that feature would be protected.
Posted Oct 12, 2023 18:44 UTC (Thu)
by pizza (subscriber, #46)
[Link] (2 responses)
Yeah. I think, including the fix to this flaw, there have been five commits in the past six years.
> If that's the case, maybe it shouldn't be installed by default. It seems like a good case for reducing attack surface by installing fewer libraries.
The software using the library would need to be partially rewritten to dynamically load these parsers at runtime and gracefully handle them not being present.
Either way, it's a change in requirements leading to a change in design and [re-]implementation. None of that comes for free.
Posted Oct 12, 2023 19:36 UTC (Thu)
by rgmoore (✭ supporter ✭, #75)
[Link] (1 responses)
I just assumed it was already designed that way. If it isn't, I agree it's a big architectural change. In addition to being a lot of work, it might cause more problems in the short term by creating new security bugs.
Posted Oct 13, 2023 9:08 UTC (Fri)
by Tobu (subscriber, #24111)
[Link]
Looking at the Ubuntu package, there is some modularisation; /usr/lib/x86_64-linux-gnu/tracker-miners-3.0/extract-modules/libextract-disc-generic.so handles cue sheets specifically and can be moved out of the way. However, /usr/lib/x86_64-linux-gnu/tracker-miners-3.0/extract-modules/libextract-gstreamer.so also links libcue, plus I'm sure gstreamer does its own module loading, and libgmodule is also linked. I doubt the gstreamer bits were built with sandboxing in mind.
Posted Dec 2, 2023 20:06 UTC (Sat)
by ssokolow (guest, #94568)
[Link]
Bear in mind that BIN/CUE is the standard way to represent optical discs with audio tracks (when you don't need to capture subchannel data, physical data track wobble, or other low-level encoding details that copy protection schemes check), as used by tons of emulators including DOSBox. It's not a highly visible format in modern systems, but it's hardly obscure. (eg. GOG.com re-releases of DOS games with CD audio which don't use ScummVM will use an ISO file for the data track, typically renamed
Posted Oct 14, 2023 5:40 UTC (Sat)
by marcH (subscriber, #57642)
[Link]
If only people were not still writing brand new parsing code in bare C in 2023...
Posted Oct 12, 2023 17:31 UTC (Thu)
by rfunk (subscriber, #4054)
[Link] (1 responses)
Posted Oct 13, 2023 1:13 UTC (Fri)
by DemiMarie (subscriber, #164188)
[Link]
That is the only way to have a decent sandbox.
Posted Oct 12, 2023 9:44 UTC (Thu)
by SLi (subscriber, #53131)
[Link] (2 responses)
I'd think harder guarantees could, in theory, be provided for C.
Actually, how hard would it be to make integrating C and C-on-WebAssembly smoother?
Imagine you could just write code that looks something like this:
The call would spawn a WebAssembly environment, copy But I must say I do not quite know how much scaffolding and setup WebAssembly requires.
Posted Oct 12, 2023 13:55 UTC (Thu)
by josh (subscriber, #17465)
[Link]
If you need to expose a variety of API functions to the WebAssembly layer, that's straightforward as well, but a little more challenging, though it's about to get a lot easier with the new component model that just got standardized.
Posted Oct 12, 2023 18:19 UTC (Thu)
by samlh (subscriber, #56788)
[Link]
Posted Oct 12, 2023 14:36 UTC (Thu)
by tshow (subscriber, #6411)
[Link] (6 responses)
Posted Oct 12, 2023 17:23 UTC (Thu)
by ianmcc (subscriber, #88379)
[Link] (5 responses)
Personally I think it would be better if the C spec said that the result of an arithmetic operation would be always correct if the value can fit in the type, and give an easy to test way to detect if it can't fit.
Posted Oct 13, 2023 6:27 UTC (Fri)
by eru (subscriber, #2753)
[Link] (2 responses)
You would have to check the range of the result anyway, if doing safe code, and with unsigned indices you only have to check the upper bound. Underflow results in a huge value.
The end-of-loop test just has to be placed before decrementing.
Posted Oct 17, 2023 6:36 UTC (Tue)
by error27 (subscriber, #8346)
[Link] (1 responses)
That's just a hack around. The simpler answer is to choose a more intuitive type. Languages like python don't have unsigned variables because they cause edge cases (bugs). Complexity is the opposite of safety. And it's not that hard to add a check for negatives. If people got used to checking for negatives instead of using signedness to save them we would probably be better off. I rant about this at length on my blog:
I feel like we would likely have caught this bug in the kernel using static analysis. I would say probably at least 80% chance.
Posted Oct 26, 2023 10:44 UTC (Thu)
by roblucid (guest, #48964)
[Link]
Posted Oct 13, 2023 17:40 UTC (Fri)
by NYKevin (subscriber, #129325)
[Link] (1 responses)
* Infix notation (i.e. writing something like "a + b" directly): In debug mode, overflow panics (terminates the program with an error). In release mode, it wraps by two's complement.
Unsigned overflow in C is already required to be equivalent to wrapping_foo(), so it would be a bad idea to change that at this point. But they could still say that signed overflow does wrapping_foo(), because that's currently UB in C (so no program may validly depend on it), and also because lots of people already compile with -fwrapv anyway. Then they could provide overflowing_foo() as a separate operation (or just treat regular arithmetic as overflowing_foo() and give us some kind of syntax or magic errno-like variable to get the bool value - the compiler can see whether we fetch it or not, so it can decide whether it has to bother preserving that information). Then we have checked and saturating, both of which would be at least somewhat useful to have (so that I don't have to constantly do high-school algebra just to correctly check whether a + b > INT_MAX).
This leaves out unchecked, which I'm fine with leaving out, but I'm sure there's somebody somewhere out there who's counting individual CPU cycles and would want it at least for signed arithmetic. Oh well.
Posted Oct 14, 2023 20:11 UTC (Sat)
by tialaramex (subscriber, #21167)
[Link]
My guess is that on real hardware people actually use, Wrapping<i32> has the same performance as the unchecked math does, and likely the same results in many cases, without a scary unsafe marker. But I could be wrong.
I use Wrapping<u32> in my hand rolled implementations of MD5 and SHA1 (not for real software, just for toys) because it's true that wrapping arithmetic is nicer if you know that's what you're doing, but it's defined for i32 as well as u32 and I see no reason to imagine it's a problem on modern hardware.
In fact it reminds me of how f32::from_bits and f32::to_bits are trivial - in principle you could imagine a CPU where getting the raw bits out of a 32-bit floating point value and into a 32-bit unsigned integer is a non-trivial operation. In actuality, every computer you could buy for years now went duh, those are just bits, in the same order, same layout, different meaning, types are just in your head man... Rust reserves the right to actually do hard work to deliver these functions, but in reality on any computer you can buy they're just book-keeping changes, and so they cost zero CPU cycles.
Posted Oct 13, 2023 7:17 UTC (Fri)
by GoodMirek (guest, #101902)
[Link] (7 responses)
I used Gnome for several years and remember fighting regular and prolonged high CPU utilization caused by tracker.
In my opinion, end users should have an easy and convenient way to disable such an intrusive technology. Even better, they should be offered opt-out option during the first Gnome setup.
Posted Oct 13, 2023 8:08 UTC (Fri)
by rschroev (subscriber, #4164)
[Link]
Posted Oct 13, 2023 12:55 UTC (Fri)
by clump (subscriber, #27801)
[Link] (3 responses)
This seems like a really simple request from users that is constantly ignored. I don't understand why.
Posted Oct 14, 2023 5:46 UTC (Sat)
by marcH (subscriber, #57642)
[Link] (2 responses)
Isn't GNOME (and any other Linux desktop) mostly developed by volunteers having coding fun? Listening to (sometimes bad) feedback and project managing it is not fun at all.
Posted Oct 14, 2023 8:15 UTC (Sat)
by Wol (subscriber, #4433)
[Link]
Developing a project is not easy work - I've tried hard with Scarlet, and with MaVerick before that.
But this particular piece of software is Marmite - and if you make it effectively mandatory when it is (a) resource heavy, (b) considered seriously buggy by a large chunk of your user base, and (c) seen as being of no benefit whatsoever by (maybe the same) large chunk of your user base, you deserve all the brickbats that get thrown at you.
Okay, maybe I'm excessively biased by the debacle that was KDE4 (36 hours and not there yet to boot a desktop that gets shut down nightly???)
Rule 1 of happy developing (yes it's not sufficient, but ...) "Don't piss off your user base with your personal project that doesn't work".
Cheers,
Posted Oct 15, 2023 18:18 UTC (Sun)
by clump (subscriber, #27801)
[Link]
Posted Oct 23, 2023 9:01 UTC (Mon)
by sammythesnake (guest, #17693)
[Link] (1 responses)
One of the motivations for me to switch to swayWM was that my patience×Google+fu×brainpower product was significantly short of the threshold required to get rid of tracker which I never used...
These days, I have to use that resource on getting stuff done that a heavier WM/DE would do automatically (e.g. Bluetooth audio - pointers gratefully received(!)), but at least my weenie laptop isn't constantlyoverheating/chugging/running out of battery (and I'm also a *little* protected from naughty USB dongles)
Posted Oct 24, 2023 11:29 UTC (Tue)
by mathstuf (subscriber, #69389)
[Link]
AFAICT, this is handled by Pulseaudio/Pipewire automatically. There is `blueman-manager` for GUI management of devices, `pavucontrol` for routing audio, and `bluetoothctl` for command line control. Works for me under XMonad (and all the "automatic setup" that such a choice usually implies doesn't happen).
Posted Oct 13, 2023 9:04 UTC (Fri)
by NRArnot (subscriber, #3033)
[Link]
Posted Oct 13, 2023 10:15 UTC (Fri)
by sam.thursfield (subscriber, #94496)
[Link] (2 responses)
If anyone is interested in reading about what features the Tracker search engine & database provides, I did some writeups a few years ago as part of the Tracker 3 effort.
You could start here:
* https://samthursfield.wordpress.com/2020/10/05/tracker-3-...
There is unfortunately very little investment in improving desktop search in general, I think for a team of about 1.5 volunteers to keep this 2006-era codebase going way into the 2020's is something quite impressive :)
Posted Oct 13, 2023 12:37 UTC (Fri)
by Wol (subscriber, #4433)
[Link] (1 responses)
I hate to say it, but I suspect there is a lot of hostility towards desktop search.
The people who know what's going on hate it.
The people who don't know what's going on don't know how to use it.
The number of people who actually both know about it, and know how to use it, is vanishingly small ...
At the end of the day (and I speak as a database guy) my attitude to much of this is "too much data, not enough information, the signal-to-noise is so poor we shouldn't be keeping all this crap!".
Cheers,
Posted Oct 15, 2023 12:18 UTC (Sun)
by sam.thursfield (subscriber, #94496)
[Link]
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
WUFFS
WUFFS
WUFFS
> Everybody (phone vendors, browsers, and in this case Linux desktop environments) needs to stop trying to use "sandboxes" for their own code rather than just using provably safe techniques so it's faster and not ridden with security holes.
Firefox's RLBox+wasm2c integration is a good path to sandboxing existing libraries (that need limited platform support; parsers such as this): compile the library to WASM and back to C (wasm2c), now whatever corruption is inside it can't escape some linear address space. Don't trust the outputs, here they are just going into an index which seems safe.
WUFFS
WebAssembly
WUFFS
That's why sandboxes are used; it allows vastly improved safety _today_ with old code, while you wait for safely-rewritten stuff to be usable. If ever.
WUFFS
WUFFS
The software using the library would need to be partially rewritten to dynamically load these parsers at runtime and gracefully handle them not being present.
WUFFS
WUFFS
.gog to avoid "I mounted this and I got no music" tech support calls, a bunch of Ogg Vorbis files, and a version of DOSBox with the patch to support Ogg Vorbis audio tracks in .cue files. I imagine Steam re-releases would do something similar).WUFFS
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
struct output {
int something;
bool ok;
};
// WASM_OUT: wasm may write here
// WASM_STRZ: input for WebAssembly, size determined by strlen()
[[webassembly]] int sensitive_computation([[wasm_out]] struct output *out, const char *str, struct something smth) {
...
}
void foo(int x, const char *str, struct something smth) {
struct output out;
int x = sensitive_computation(WASM_OUT(out), WASM_STRZ(str), smth);
...
}
str's bytes to its memory address, and after the execution has finished would copy the contents of out to foo's struct out and return the value returned by the function. I'd expect to be use completely normal C in sensitive_computation, apart from of course anything that requires system calls or memory management. We might perhaps add another function type, [[webassembly_internal]], which is a function that can be called from WebAssembly code without restrictions (i.e. it's not limited to the in/out thing, it is linked into the same WebAssembly binary and operates in the same sandbox).
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
https://hacks.mozilla.org/2021/12/webassembly-and-back-ag...
https://rlbox.dev/
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
if you ever need to subtract indices,
or count backwards.
Remote execution in the GNOME tracker
https://staticthinking.wordpress.com/2023/07/25/wsign-com...
Remote execution in the GNOME tracker
Using unsigned specifies modulo arithmetic with clear semantics; advocating signed is saying you want programs that when overflow guards fail have undefined behaviour.
A compiler can know that c = 128+128 is > 0 because if it isn't your program is defective, you failed to use the right signed type.
Remote execution in the GNOME tracker
* checked_foo(): Returns an option type. You can then write separate branches for the "it worked" and "it overflowed" cases. If it overflowed, you don't get a numerical result at all, so while you could panic by calling unwrap(), you can't silently use the wrong number.
* overflowing_foo(): Wraps by two's complement, and returns a bool indicating whether overflow happened. The compiler does not force you to inspect the bool, so this is easier to misuse than checked, but also more flexible.
* wrapping_foo(): Same as calling overflowing_foo() and throwing away the bool. For when you absolutely know that wrapping is correct and there's no alternative code path for it.
* saturating_foo(): Not available for bitwise operations. Returns the value that is closest to the true result. For example, saturating_add(u64.MAX, 1) == u64.MAX, because u64.MAX is the closest representable value to u64.MAX + 1.
* unchecked_foo(): Overflow is UB. Requires an unsafe block, but the compiler emits IR which is equivalent to this function whenever it can prove that overflow will not actually occur, so you really only need this if the compiler isn't smart enough *and* you're trying to squeeze every last cycle out of a tight loop or something like that.
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
It resembled Windows Search - ate my CPU and battery, hard to switch off (actually way harder than Windows Search) and was enabled against my will.
For me, tracker was always a bloatware.
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Wol
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
Remote execution in the GNOME tracker
* https://samthursfield.wordpress.com/2020/11/03/tracker-3-...
Remote execution in the GNOME tracker
Wol
Remote execution in the GNOME tracker