Pidgin-3 and browser plugins
Bjoern Voigt
bjoernv at arcor.de
Mon Dec 16 18:09:10 EST 2013
Ethan Blanton write:
> Daniel Atallah spake unto us the following wisdom:
>> On Mon, Dec 16, 2013 at 5:03 AM, Bjoern Voigt <bjoernv at arcor.de> wrote:
>>> sine some days I test the "Pipelight" browser plugin. During
>>> Pipelight updates, I saw, that Pidgin loads this plugin. Why does
>>> Pidgin need browser plugins? How can I disable this behavior?
>> Pidgin has no knowledge of or interaction with your browser plugins (unless
>> a third party pidgin plugin also has some sort interaction with the
>> browser).
>> What makes you think that "Pidgin loads this plugin"?
> Pidgin 3, which is unreleased and unsupported, does of course use Web
> Kit, which might load plugins that are installed for it (?).
Thanks for all your tips.
Now I think, that Webkit-GTK loads all my installed browser plugins:
$ ldd /usr/local/pidgin-dev/bin/pidgin |grep webkitgtk
libwebkitgtk-3.0.so.0 => /usr/lib64/libwebkitgtk-3.0.so.0
(0x00007fd0582dc000)
$ strings /usr/lib64/libwebkitgtk-3.0.so.0|grep browser-plugins
$ strace /usr/local/pidgin-dev/bin/pidgin 2>&1 |
openat(AT_FDCWD, "/usr/lib64/browser-plugins",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 24
access("/usr/lib64/browser-plugins/libtotem-mully-plugin.so",
F_OK) = 0
access("/usr/lib64/browser-plugins/javaplugin.so", F_OK) = 0
[...]
open("/usr/lib64/browser-plugins/libtotem-gmp-plugin.so",
O_RDONLY|O_CLOEXEC) = 24
open("/etc/totem/browser-plugins.ini", O_RDONLY) = -1 ENOENT (No
such file or directory)
This leads me again to the question, if I can disable the
function, that Pidgin indirectly over webkitgtk loads all my
browser plugins.
This may be a security topic. May be a buddy can send me HTML
messages, which contain malicous code which can exploit security
holes in browser plugins.
Greetings,
Björn
More information about the Devel
mailing list