Secure GUI Programs
Norman Feske
norman.feske at ...1...
Thu Jan 14 11:33:57 CET 2016
Hi Ben,
On 12.01.2016 23:07, Nobody III wrote:
> I've been thinking about writing graphical utilities (e.g. a file
> manager), but I'm not sure whether I should be using Qt. Can I consider
> Qt secure for things such as rendering filenames from untrusted
> filesystem servers? If not, what do you suggest?
I would start with using Qt5. There is no serious alternative toolkit
available on Genode anyway. The only other options were to wait until a
different toolkit becomes available, to port a different toolkit, or to
build a new toolkit from scratch. None of those options seems
attractive if you want to implement a file manager right now.
For a security assessment, you have to take the (1) attack surface and
(2) reach of a security breach into account:
1. Is it exposed to the network? Which inputs does it handle (you
mentioned file names) and where do those inputs come from?
2. Is it prone to leak information between different security domains?
I.e., does it deal with only one or multiple file systems? Can it
merely read data but not modify a file system? What can happen in
the worst case?
> Another question: for previews/thumbnails (e.g. for icons), is it
> reasonably efficient to render the preview for each file in its own
> process, or should I batch them together?
The best approach would be to try it out, starting with the simplest
solution (creating a sandboxed component per image). If it turns out to
be too slow, you can still think about processing multiple images in one
component.
Cheers
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
http://www.genode-labs.com · http://genode.org
Genode Labs GmbH · District Court of Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth