Following the whole libwebp vulnerability I'm a little perplexed that seemingly everyone is doing in-process image decoding?! In SerenityOS there's a system service called ImageDecoder, and its entire purpose is... decoding everyone's images. Data in, bitmap out. Only pledges stdio and recvfd/sendfd, so whatever exploit you have is probably useless. Trying to do anything forbidden, the process gets killed by the kernel and restarted by SystemServer.
Surely this isn't a novel concept we invented?
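The isolation the post describes, as an added example that is not SerenityOS code: a supervisor hands untrusted bytes to a separate decoder process and treats both a dead worker and the worker's reply as untrusted. The pledge() step is assumed and omitted (not portable), and the binary PGM (P5) parser plus the worker script are constructed stand-ins for a real decoder.

```python
import re
import struct
import subprocess
import sys

# Constructed worker: decodes binary PGM (P5) read from stdin and writes
# "<width><height><raw pixels>" to stdout. Malformed input makes it exit
# non-zero, standing in for a decoder that crashed or was killed by the
# kernel. A real service would also restrict its own syscalls (pledge) here.
WORKER_SRC = r'''
import re, struct, sys
data = sys.stdin.buffer.read()
m = re.match(rb"P5\s+(\d+)\s+(\d+)\s+(\d+)\s", data)
if not m:
    sys.exit(1)
w, h, maxval = map(int, m.groups())
pixels = data[m.end():]
if maxval != 255 or len(pixels) != w * h:
    sys.exit(1)
sys.stdout.buffer.write(struct.pack("<II", w, h) + pixels)
'''

MAX_PIXELS = 16_000_000  # bound the supervisor enforces on decoder output


def decode_out_of_process(image_bytes: bytes):
    """Decode in a child process; return (w, h, pixels) or None on failure."""
    try:
        proc = subprocess.run([sys.executable, "-c", WORKER_SRC],
                              input=image_bytes, capture_output=True, timeout=10)
    except subprocess.TimeoutExpired:
        return None  # hung worker: give up on this image, not on the app
    if proc.returncode != 0:
        return None  # worker died; the service would be respawned, caller gets no image
    out = proc.stdout
    if len(out) < 8:
        return None
    w, h = struct.unpack("<II", out[:8])
    # The reply is untrusted too: the worker may be compromised, so validate
    # its claimed dimensions before anything downstream allocates from them.
    if w == 0 or h == 0 or w * h > MAX_PIXELS or len(out) - 8 != w * h:
        return None
    return w, h, out[8:]


# Constructed sample inputs.
GOOD_PGM = b"P5\n2 2\n255\n" + bytes([0, 128, 255, 64])
BAD_PGM = b"P5\n2 2\n255\n" + bytes([0, 128])  # truncated pixel data
```

A compromised worker can only return bytes over the pipe; the supervisor decides what to do with them, and a crash costs one image, not the process that requested it.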
@linusgroh I think this may be a semi-novel concept because it adds inter-process communication, which is another complexity...
But from a security point of view this is neat.
@linusgroh Sounds like a good idea! I wanted to design something similar for AshetOS (which I should make a nice post about).
IPC luckily is basically cost-free in my design, so I can make a similar approach here.
@linusgroh Android does this at least for Video and Audio playback, not sure about image decoding: https://source.android.com/docs/core/media/framework-hardening