As of version 1.1.0, an emulator runs in a temporary subdirectory but the working directory is not changed. I suggest that the working directory be set to the execution directory before starting the emulator. Since the emulators run unvetted programs it is conceivable that this could represent a security risk on the server. and that, at least in *nix type system, the emulators be constrained by a chroot to the same execution directory.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Hans,
Thanks for your comments.
We've been looking into this issue for some time now, and aren't quite happy with the way the working directories work either. However, we are constrained by the limitations of running the Emulation Framework through the Java virtual machine, which means that starting external processes (such as emulators), must be done using absolute paths.
As for security risks: Java runs applications in a JVM sandbox so that takes care of the EF; the emulator processes will be run with the same permission as the users so I strongly suggest to not run the EF root/superuser. Although we try to ensure the external programs are safe, as always caveat emptor!
Regards,
Bram Lohman
Emulation Framework team
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
As of version 1.1.0, an emulator runs in a temporary subdirectory but the working directory is not changed. I suggest that the working directory be set to the execution directory before starting the emulator. Since the emulators run unvetted programs it is conceivable that this could represent a security risk on the server. and that, at least in *nix type system, the emulators be constrained by a chroot to the same execution directory.
Hi Hans,
Thanks for your comments.
We've been looking into this issue for some time now, and aren't quite happy with the way the working directories work either. However, we are constrained by the limitations of running the Emulation Framework through the Java virtual machine, which means that starting external processes (such as emulators), must be done using absolute paths.
As for security risks: Java runs applications in a JVM sandbox so that takes care of the EF; the emulator processes will be run with the same permission as the users so I strongly suggest to not run the EF root/superuser. Although we try to ensure the external programs are safe, as always caveat emptor!
Regards,
Bram Lohman
Emulation Framework team