[Rpcemu] (no subject)

dfeugey at ascinfo.fr dfeugey at ascinfo.fr
Wed May 13 13:02:36 PDT 2020


Le 2020-05-13 20:31, Peter Howkins a écrit :
> For the very same reason a webpage running javascript can't execute
> shell commands or host API calls on your host OS.
> 
Not the same. A web browser is a door opened to the outside. Local 
applications can do bad things, but inside the limits of the the rights 
and ACL you give to them.

> Can you explain your use case here, what are you actually trying to
> achieve?
> 
- Universal print bridge from one only RISC OS PS driver
- USB auto-mounting in new hostfs drives
- SANE interface in a module
- Local screen definition for dynamic screen resize
- x86 (sandboxed) code (for speed)
- Launch selected local applications (MP3 playing, etc.)
- Local engines (for example x86 V8 mapped as a module, or BBCBasic x86 
as a module)
- Redirection of Qemu's Spice output in RISC OS Windows
- SQL bridge
Etc.

> It is entirely possible to provide access to host services in a secure
> manner, if they have a defined scope.
> 
Of course. I don't ask for some privilege escalation nightmare.

Security can be:
- ACL and strict rights
- confirmation box on the host
- send commands only to a VM, not a host
- predefine the commands you can launch on the host
- IPC with selected / specific x86 apps

If we can extend RPCEmu that way, you won't have to do it yourself. Else 
you can plan it too. It'll be even better :)

David



More information about the RPCEmu mailing list