Hi Ben,
On 12.01.2016 23:07, Nobody III wrote:
> I've been thinking about writing graphical utilities (e.g. a file manager), but I'm not sure whether I should be using Qt. Can I consider Qt secure for things such as rendering filenames from untrusted filesystem servers? If not, what do you suggest?
I would start with using Qt5. There is no serious alternative toolkit available on Genode anyway. The only other options would be to wait until a different toolkit becomes available, to port a different toolkit, or to build a new toolkit from scratch. None of those options seems attractive if you want to implement a file manager right now.
For a security assessment, you have to take the (1) attack surface and (2) reach of a security breach into account:
1. Is it exposed to the network? Which inputs does it handle (you mentioned file names) and where do those inputs come from?
2. Is it prone to leak information between different security domains? I.e., does it deal with only one or multiple file systems? Can it merely read data but not modify a file system? What can happen in the worst case?
> Another question: for previews/thumbnails (e.g. for icons), is it reasonably efficient to render the preview for each file in its own process, or should I batch them together?
The best approach would be to try it out, starting with the simplest solution (creating a sandboxed component per image). If it turns out to be too slow, you can still think about processing multiple images in one component.
Cheers,
Norman