On 03/11/2017 11:50 AM, Jean-Philippe Ouellet wrote: > On Sat, Mar 11, 2017 at 3:42 AM, Andrew Morgan > <[email protected]> wrote: >> The `attr` package is not installed in Whonix, Ubuntu or Debian by >> default, so we will have to include this in our templates for this to >> function seamlessly. > Not necessarily. You could simply use a lower-level interface > [1][2][3][4] to the same thing that command accesses. Doing so would > likely be preferable anyway, as there is a preference in the Qubes > codebase for implementing things in python instead of shell scripts > for portability reasons [5]. > > [1]: https://pypi.python.org/pypi/xattr > [2]: http://man7.org/linux/man-pages/man5/attr.5.html > [3]: http://man7.org/linux/man-pages/man2/getxattr.2.html > [4]: http://man7.org/linux/man-pages/man2/listxattr.2.html > [5]: https://www.qubes-os.org/doc/coding-style/#bash-specific-guidelines > Thanks Jean-Philippe,
That's great that Python has a native interface for this. I noticed the xattr package does not have support for setting extended file attributes (EFA) on Windows. There is one library [0] that claims to support altering EFAs on Windows although I have not tested it yet and it hasn't seem a commit in quite some time. I'm also unsure whether it allows for custom attributes, which would be especially problematic as I was planning on adding a "user.qubes.untrusted" attribute key. I was thinking about the UX and UI of how a user would mark a file as untrusted/always open in a DispVM. In the original issue there were some debates on how a user would know/could mark a file as untrusted and I've come up with the following potential solution: Be able to mark a file, folder or complete MIME-type as "untrusted". I know the issue is mainly geared towards MIME-types, however Joanna's comment [1] on potentially having files created in the user's ~/Downloads or ~/QubesIncoming folders always being untrusted gave me an idea. Using the pyinotify module [2], we can easily and efficiently run a python daemon that monitors untrusted folders and marks their contents as untrusted as well, even when new content is created inside them. We could also mark these files/folders with an emblem that would show up in the file manager, clearly alerting users to what will happen when they double-click a file. In addition to the folders concept, I drafted a potential file dialog in GIMP for what the user could see when right clicking > choosing to open a file in a disposable VM: https://imgur.com/a/cEoDx The concept was geared to be compatible with any destination VM but we could remove the text view and have it only for DispVM usage (though it may come in handy for Qubes 4.x when we have multiple types of DispVMs). For the folder marking, we could add an entry in the folder's right-click menu with a checkbox for whether or not it and its contents are untrusted. Overall, the main hurdles with this project seem to be in the UX/UI design, as well as potential Windows compatibility (I'm not sure including an entry in the Windows right-click dialog will be as simple as a python script). Let me know what you think, I'm eager for feedback. [0]: https://github.com/amdf/xattrlib [1]: https://github.com/QubesOS/qubes-issues/issues/441#issuecomment-253731556 [2]: https://github.com/seb-m/pyinotify Thanks, Andrew Morgan -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/oacdvo%244m3%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
