HnH project: launch_pdf_reader
Guido Witmond
guido at witmond.nl
Sun May 26 22:54:08 CEST 2019
Hi Genodians,
With some pride, I present the results of my Hack'n'Hike project:
'launch_pdf_reader'.
My goal is to have a shared directory between a Linux VM and the Genode
environment. Whenever the linux world puts a PDF file into the shared
folder, a Genode process picks it up and starts a PDF viewer to render
it inside a Genode sandbox.
As there is no PDF rendering on Linux (or Windows VM, if that's your
thing), it eliminates parser bugs that could be used to attack a user.
These attacks abuse of the Ambient Authority model of Linux, also called
the Confused Deputy problem.
This makes pdf rendering on Linux as easy - and secure - as
''/bin/cp $PDF $SHARE''
The repo lives at: https://github.com/gwitmond/genode-launch-pdf-reader
With regards,
Guido.
More information about the users
mailing list