[Rpcemu] (no subject)

Peter Howkins rpcemu.howkins at marutan.net
Wed May 13 11:31:25 PDT 2020


On Wed, 13 May 2020 at 19:08, <dfeugey at ascinfo.fr> wrote:

> Le 2020-05-13 20:01, Peter Howkins a écrit :
> > On Wed, 13 May 2020 at 16:36, <dfeugey at ascinfo.fr> wrote:
> >
> >> Hi.
> >>
> >> CallWin32 is not very portable, but it would be fun to have QProcess
> >>
> >> accessible from RISC OS.
> >
> > No .... just no. Both these things have massive security
> > considerations for the host OS.
> >
> Wich one?
> A lot of applications can launch shell commands.
>

For the very same reason a webpage running javascript can't execute shell
commands or host API calls on your host OS.

RPCEmu is a 'sandbox' of executable code. There's a reasonable expectation
from users that RISC OS programs shouldn't be able to affect their host
code with malware. With host execution privileges, even at 'user' level,
RISC OS apps could download malware to host OS and run it there (bittorrent
miners, adware, ransom-ware attacks by encrypting the contents of the
'Documents' folder, scanning users files for passwords or financial
details).

"But that would never happen!", you are correct, I'm not even going to
allow the possibility.

I don't suggest a root access. Just some kind of communication between
> RISC OS and the host OS.
>
> If you prefer CallWin32, I prefer too :)
>

No.

Can you explain your use case here, what are you actually trying to achieve?

It is entirely possible to provide access to host services in a secure
manner, if they have a defined scope.

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.riscos.info/pipermail/rpcemu/attachments/20200513/61f47ae1/attachment.html>


More information about the RPCEmu mailing list