On Wed, 13 May 2020 at 19:08, <dfeugey@ascinfo.fr> wrote:
Le 2020-05-13 20:01, Peter Howkins a écrit :
> On Wed, 13 May 2020 at 16:36, <dfeugey@ascinfo.fr> wrote:
>
>> Hi.
>>
>> CallWin32 is not very portable, but it would be fun to have QProcess
>>
>> accessible from RISC OS.
>
> No .... just no. Both these things have massive security
> considerations for the host OS.
>
Wich one?
A lot of applications can launch shell commands.
For the very same reason a webpage running javascript can't execute shell commands or host API calls on your host OS.
RPCEmu is a 'sandbox' of executable code. There's a reasonable expectation from users that RISC OS programs shouldn't be able to affect their host code with malware. With host execution privileges, even at 'user' level, RISC OS apps could download malware to host OS and run it there (bittorrent miners, adware, ransom-ware attacks by encrypting the contents of the 'Documents' folder, scanning users files for passwords or financial details).
"But that would never happen!", you are correct, I'm not even going to allow the possibility.
I don't suggest a root access. Just some kind of communication between
RISC OS and the host OS.
If you prefer CallWin32, I prefer too :)
No.
Can you explain your use case here, what are you actually trying to achieve?
It is entirely possible to provide access to host services in a secure manner, if they have a defined scope.
Peter
No comments:
Post a Comment