Skip to content
This repository has been archived by the owner. It is now read-only.

peruse packaging (comic book reader app from plasma mobile) #926

Closed
ollieparanoid opened this issue Nov 21, 2017 · 2 comments

Comments

Projects
None yet
2 participants
@ollieparanoid
Copy link
Member

commented Nov 21, 2017

CC: @leinir (author of peruse)

@PureTryOut has started packaging the comic book reader app peruse for postmarketOS, along with his Plasma Mobile packaging efforts. Current progress based on his work is in the this branch. I think this is a good idea and getting that working would already be a great use-case for old Android devices/other phones, even if nothing else worked.

So I've looked at the packaging, and it depends on a library for reading archives, which isn't maintained by upstream anymore: zeniko/unarr#7 (comment)

There are bugs in basically all software. I'm especially carefully with software that runs untrusted input from the web, and a comic book reader falls into that category. Imagine that you download a (free) comic book from the web, open it in your comic book reader and then your system gets exploited, because someone exploited unarr.

So in order to not introduce a potential security hole, I would like to apply privilege separation (#846) to this program before we merge it into master and therefore make it available to people, which might start using it for real. Just to make sure, that it can't do anything but display comic books. (Read only to the whole system, except for its own config folder and no network access should do it?)

Opinions welcome!

@ollieparanoid ollieparanoid referenced this issue Nov 21, 2017

Merged

Plasma Shell #440

3 of 3 tasks complete
@PureTryOut

This comment has been minimized.

Copy link
Contributor

commented Nov 21, 2017

To be honest, I thought of just dropping it for now. It's not such an important app if we don't even have people using this as daily drivers yet.

@ollieparanoid

This comment has been minimized.

Copy link
Member Author

commented Nov 21, 2017

Makes sense. If someone wants to work on this, just drop a note and we can reopen it!

postmarketOS-Wiki pushed a commit to postmarketOS/wiki that referenced this issue Nov 21, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.