[evince] Evince Sandbox



Hello everyone,


since the recent vulnerability in evince handling cbt files brought back some attention to the issue of 
security, I would like to point out again this project about sandboxing evince using seccomp syscall filter. 
Evince does parse a lot of complex file formats and is therefore prone to such vulnerabilities, especially 
considering most users open files from unknown sources with this application.

What is the status of this project:

- It works (on specific systems) and provides some helpful protection (like blocking network access for the 
process)

- It still needs lots of testing, especially for file formats other than pdf

- The main issue is that the list of syscalls changes rapidly depending on libraries and distributions etc.

- Seccomp is very powerful but also needs a lot of attention. The approach taken by pledge (from OpenBSD) 
seems to be way better but we still do not have that on Linux

- Blacklisting dangerous syscalls might be the easier approach, assuming all relevant and dangerous syscalls 
to be restricted can be identified


https://github.com/LinuxSandboxingProject/evince


If anyone is interested in working on this we might be able to significantly improve the security of evince.
I would also like to know if the people responsible for accepting patches would be willing to implement this 
(assuming it will reach a stable and working state).

Please let me know what you think about this.

