Hi Genodians,
With some pride, I present the results of my Hack'n'Hike project:
'launch_pdf_reader'.
My goal is to have a shared directory between a Linux VM and the Genode
environment. Whenever the linux world puts a PDF file into the shared
folder, a Genode process picks it up and starts a PDF viewer to render
it inside a Genode sandbox.
As there is no PDF rendering on Linux (or Windows VM, if that's your
thing), it eliminates parser bugs that could be used to attack a user.
These attacks abuse of the Ambient Authority model of Linux, also called
the Confused Deputy problem.
This makes pdf rendering on Linux as easy - and secure - as
''/bin/cp $PDF $SHARE''
The repo lives at: https://github.com/gwitmond/genode-launch-pdf-reader
With regards,
Guido.
_______________________________________________
Genode users mailing list
[email protected]
https://lists.genode.org/listinfo/users
