Hi Ben, On 12.01.2016 23:07, Nobody III wrote: > I've been thinking about writing graphical utilities (e.g. a file > manager), but I'm not sure whether I should be using Qt. Can I consider > Qt secure for things such as rendering filenames from untrusted > filesystem servers? If not, what do you suggest?
I would start with using Qt5. There is no serious alternative toolkit available on Genode anyway. The only other options were to wait until a different toolkit becomes available, to port a different toolkit, or to build a new toolkit from scratch. Neither of those options seem attractive if you want to implement a file manager right now. For an security assessment, you have to take the (1) attack surface and (2) reach of a security breach into account: 1. Is it exposed to the network? Which inputs does it handle (you mentioned file names) and where do those input come from? 2. Is it prone to leak information between different security domains? I.e., does it deal with only one or multiple file systems? Can it merely read data but not modify a file system? What can happen in the worst case? > Another question: for previews/thumbnails (e.g. for icons), is it > reasonably efficient to render the preview for each file in its own > process, or should I batch them together? The best approach would be to try it out, starting with the simplest solution (creating a sandboxed component per image). If it turns out to be too slow, you can still think about processing multiple images in one component. Cheers Norman -- Dr.-Ing. Norman Feske Genode Labs http://www.genode-labs.com · http://genode.org Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
