SpaceFM & udevil Updates
Sandfox users please note the new advisory regarding SpaceFM. Upgrading to SpaceFM 0.8.7 is recommended if you’re using Sandfox. This doesn’t represent any security problem in SpaceFM, yet because SpaceFM is a very capable program that offers access to filesystems via its socket, it’s a good program to lock down or limit in a sandbox. SpaceFM 0.8.7 is a bit smarter in this area, and even if you don’t follow the advice, should prevent use of its socket from within a chroot jail in all but the most extreme cases (requiring a custom program designed specifically to attack it). For high paranoia, follow the recommendations so the sandbox user has absolutely no access to SpaceFM’s socket.
Mateusz Łukasik’s Lubuntu PPA includes SpaceFM and udevil packages. Mateusz is also the new official Debian packager for SpaceFM and udevil and is working on including official packages in Debian’s repos (not yet available).
NOTE: For those building SpaceFM from source using the instructions in the README, Github recently changed the way they package the source when downloading a tarball. Because they now ignore .gitattributes, the download is over 75 MB and contains all old and new SpaceFM versions and packages. The instructions will still work, but the download is unnecessarily large. I have submitted a bug report to Github and will consider necessary changes based on their response. If you simply want the current release of SpaceFM (master branch), you can download the official tarball here (SF’s mirrors may take awhile to update immediately after a release).
Sorry, the comment form is closed at this time.