qubes-issues icon indicating copy to clipboard operation
qubes-issues copied to clipboard

Published 20 hours ago verified publisher icon QubesOS

Convert ALL to trusted

Open frozentime345 opened this issue 7 years ago • 14 comments

Qubes OS version: R3.2

Sorry if this isn't the place to request features(a google search did me no good nor did qubes os faq). It might be nice to have convert all to trusted(pdfs/images) for a folder(ie for complex file structures).

Affected component(s): Feature Request

Steps to reproduce the behavior: Feature Request

Expected behavior:

Actual behavior:

General notes:

Related issues:

frozentime345 avatar Jun 06 '18 22:06 frozentime345

@macdog345 What do you mean "convert all to trusted for a folder"?

fosslinux avatar Jun 06 '18 22:06 fosslinux

Like every pdf and every image in the folder would be converted. Rather than having to track down each pdf and image and right click it(if one had such a complex folder).

frozentime345 avatar Jun 06 '18 22:06 frozentime345

@macdog345 Which program are you using eg convert? Are you doing this in an AppVM/TemplateVM/dom0?

fosslinux avatar Jun 06 '18 22:06 fosslinux

Im using the convert to trusted pdf function of qubes os and in an AppVM? is there some kind of command for this cuz i guess I could write a bash script to accomplish the above(or someone more bash skilled could =p).

frozentime345 avatar Jun 06 '18 22:06 frozentime345

qvm-convert-pdf, qvm-convert-img, both accept only one file at a time.

marmarek avatar Jun 06 '18 22:06 marmarek

kk thanks! was this the right place to ask for feature requests(just for future ref)?

frozentime345 avatar Jun 06 '18 23:06 frozentime345

was this the right place to ask for feature requests(just for future ref)?

Yes. :slightly_smiling_face:

andrewdavidwong avatar Jun 07 '18 04:06 andrewdavidwong

@marmarek I'm still confused about what needs to be fixed. Is the issue to be able to convert multiple images at a time?

fosslinux avatar Jun 07 '18 04:06 fosslinux

(Name change from macdog)Yes and no, you can convert multiple pdfs from my experience by selecting each pdf and nothing else, but right clicking a folder or selecting control A in a folder with various file types leaves the option unavailable. So just a minor issue but it would be nice to one day convert entire USBS and such to trusted.

frozentime345 avatar Jun 07 '18 04:06 frozentime345

The problem you're addressing (if any) If you want to convert multiple jpegs to trusted jpegs (using nautilus, select files, right click -> Convert To Trusted Img: qubes opens a DVM, converts one single file, closes the DVM. Then takes the next file, opens a DVM, converts the jpeg, closes the DVM, etc ... if you have 40 files you want to convert, qubes fires up 40 DVMs in total which takes a long time.

Describe the solution you'd like Fire up a DVM just once, convert all the jpegs, and close the DVM.

Where is the value to a user, and who might that user be? Saving lots of time.

Describe alternatives you've considered I could try to convert them myself which is probably not secure.

Additional context Tested with current up to date Qubes R4.0.3. NOT tested with R4.1

Relevant documentation you've consulted Searching for this problem in github and found this issue

Related, non-duplicate issues This issue.

johnnyboy-3 avatar Nov 06 '20 12:11 johnnyboy-3

Is there any consideration for fixing this? Should we use just one DVM if the user selects multiple files or a folder or should be two different ways for do it?

qvm-convert-pdf, qvm-convert-img, both accept only one file at a time.

Should this remain this way?

donob4n avatar Feb 27 '21 12:02 donob4n

Not to bump old threads, is this something you're still wanting for R4.1?

rootnoob avatar Sep 20 '21 18:09 rootnoob

Yes, specifically I wanted to easily convert an entire folder/usb but johnnyboy-3's point about using a single DVM to save time is probably the most important change. Although I dont think file type should matter, if a user selects multiple pdfs or jpegs or whatever it should all be pulled to a single dvm then each pdf/image should be converted to trusted and returned.

frozentime345 avatar Sep 23 '21 08:09 frozentime345

It should be conveyed to the user that such a batch conversion of multiple documents in a single DisposableVM has weaker security properties: Any malicious document could tamper with the visual content of the other documents in the batch. (Or at least of the ones that happen to be processed after it, assuming an implementation where each converted document is copied back to the source VM before the next one is converted.)

rustybird avatar Sep 23 '21 18:09 rustybird

Hey just reading this now. I've made a python script that runs qvm-convert-pdf on all the pdf's in a directory. It still uses a a new DVM for each conversion, but wouldn't using the same DVM for all of them be a problem? If one pdf is malicious, could it affect the conversions of everything else in that dvm?

Regardless, what I do to speed up the time is multithread the forking of DVM's for this. However, as you might guess, opening up 40 DVM's at once is a huge resource drain, so I use semaphore's to manage my resources. Here's a sample python script.

import subprocess
from threading import Thread, Semaphore
# semaphore count based on your system constraint
pool_semaphore = Semaphore(5)
def thread_handler(target_pdf_file):
    global pool_semaphore
    with pool_semaphore:
        subprocess.check_output([
            "qvm-convert-pdf",
            target_pdf_file
        ])

thread_list = []
for target_file in LISTED_FILES:
    thread_list.append(Thread(target=thread_handler,args=(target_file,)))
for thread in thread_list:
    thread.start()
for thread in thread_list:
    thread.join()

You can adjust this code to find all pdf/image files and work accordingly without needing to manually do it yourself.

wondoketu avatar Dec 19 '24 07:12 wondoketu