HnH project: launch_pdf_reader
Martin Stein
martin.stein at genode-labs.com
Mon May 27 17:50:28 CEST 2019
Hey Guido,
Thanks for sharing the outcome of your project with us!
I like the idea and think it solves a pretty common and practical problem.
I wonder, have you been able to integrate the 'launch_pdf_reader' as
deployable package into Sculpt? If yes, are you planning to publish it,
so other Sculpt users can give it a try too?
Cheers,
Martin
El 26/5/19 a las 22:54, Guido Witmond escribió:
> Hi Genodians,
>
> With some pride, I present the results of my Hack'n'Hike project:
> 'launch_pdf_reader'.
>
> My goal is to have a shared directory between a Linux VM and the Genode
> environment. Whenever the linux world puts a PDF file into the shared
> folder, a Genode process picks it up and starts a PDF viewer to render
> it inside a Genode sandbox.
>
> As there is no PDF rendering on Linux (or Windows VM, if that's your
> thing), it eliminates parser bugs that could be used to attack a user.
> These attacks abuse of the Ambient Authority model of Linux, also called
> the Confused Deputy problem.
>
> This makes pdf rendering on Linux as easy - and secure - as
> ''/bin/cp $PDF $SHARE''
>
> The repo lives at: https://github.com/gwitmond/genode-launch-pdf-reader
>
> With regards,
>
> Guido.
>
> _______________________________________________
> Genode users mailing list
> users at lists.genode.org
> https://lists.genode.org/listinfo/users
More information about the users
mailing list