
Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?
>On #debian at Libera.chat IRC network they suggested it was up to the
>upstream software sources to I guess....somehow???...test the awful binary
>formats possible that are out there...?
I think what the person meant was that it's upstream who tries to mitigate bugs and create secure software. Some of them might test their viewer extensively for security too, e.g. with fuzzing or known bad images. Those developers often know how they protect themselves. :)
But there always can be bugs in the application nonetheless.

Limiting that is difficult and complex, especially within GNU+Linux. You could use a MAC and also create a tight sandbox. You should probably use a viewer which is minimal (I think there's feh or sxiv which are quite small) too so that the sandbox is more effective. Rebind the image read-only and use Wayland (e.g. sway or GNOME). Don't allow dbus if possible.
Some flatpak apps/image viewers have a bwrap sandbox already defined, but I would assume they allow (read-only) access to /home, so I don't think this is what you want.
Also, I don't know if bwrap can limit network access.
Easier would probably be to just use the browser to view an image. They are battle-tested in that regard.

In general though, security is a complex field. Even with a sandbox, there's still attack surface which includes the kernel. So use a virtual machine if you worry a lot.
Also there are various hardening steps you can employ to make exploitation and sandbox escape harder, but that gets a little more time-consuming and complex and is probably out of scope here.

I'm not a security professional nor do I claim to know something about it, but maybe the above will help you. :)

Samtinel
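The sandbox described in the reply above, as an added example that is not part of the original mail (the poster included no code): a POSIX sh launcher that starts an image viewer under bubblewrap (bwrap) with the image bound read-only, no part of $HOME mapped, the environment cleared, no D-Bus socket, and network access removed via --unshare-net (which --unshare-all includes). Assumptions: the viewer is imv, which is Wayland-native (feh and sxiv are X11 clients and would need the X socket passed in instead), the host is a merged-/usr Debian system, and the sample image used in the usage path is whatever file you pass as the first argument.

```shell
#!/bin/sh
# Added example, not from the original mail: launch an image viewer inside a
# bwrap sandbox. Only the image file, /usr and /etc are visible (read-only);
# $HOME, the network and the D-Bus session socket are not reachable.

VIEWER="${VIEWER:-imv}"   # assumption: a Wayland-native viewer is installed
WL_SOCK="${WAYLAND_DISPLAY:-wayland-0}"

# absolute_path FILE: resolve a possibly relative path without realpath(1).
absolute_path() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$1")"
}

# sandbox_args IMAGE: print the bwrap argument list, one argument per line,
# so it can be reviewed before use or re-split by run_sandboxed below.
# Fails (return 1) if IMAGE is not a regular file.
sandbox_args() {
    img=$1
    [ -f "$img" ] || { echo "sandbox_args: not a regular file: $img" >&2; return 1; }
    abs=$(absolute_path "$img") || return 1
    # The viewer sees the image only under /image, nothing of the real path.
    inner=/image/$(basename "$abs")
    printf '%s\n' \
        --ro-bind /usr /usr \
        --ro-bind /etc /etc \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --symlink usr/bin /bin \
        --dev /dev \
        --proc /proc \
        --tmpfs /tmp \
        --tmpfs /image \
        --ro-bind "$abs" "$inner" \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --clearenv \
        --setenv PATH /usr/bin:/bin \
        --setenv HOME /tmp \
        --setenv XDG_RUNTIME_DIR /run/user/sandbox \
        --setenv WAYLAND_DISPLAY "$WL_SOCK"
    # Bind only the Wayland socket, not the whole runtime dir (that is where
    # the D-Bus session bus socket lives).
    if [ -n "${XDG_RUNTIME_DIR:-}" ] && [ -S "$XDG_RUNTIME_DIR/$WL_SOCK" ]; then
        printf '%s\n' --ro-bind "$XDG_RUNTIME_DIR/$WL_SOCK" "/run/user/sandbox/$WL_SOCK"
    fi
    printf '%s\n' -- "$VIEWER" "$inner"
}

# run_sandboxed IMAGE: exec bwrap with the list built above. File names
# containing a newline are not supported by this re-splitting step.
run_sandboxed() {
    args=$(sandbox_args "$1") || return 1
    oldifs=$IFS
    IFS='
'
    set -f              # no globbing while the list is re-split
    # shellcheck disable=SC2086
    set -- $args
    set +f
    IFS=$oldifs
    exec bwrap "$@"
}

# Usage: ./view-sandboxed.sh picture.png
if [ $# -gt 0 ]; then
    run_sandboxed "$1"
fi
```

Run `sandbox_args picture.png` first to read the generated argument list; `run_sandboxed picture.png` then hands exactly that list to bwrap. Because --unshare-all also unshares the user and PID namespaces, the viewer cannot see other processes, and --die-with-parent kills it if the launching shell goes away.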

