#9 Weak security in sdltrs ?

[Alan Cox]

sdltrs provides an interface for emulation code running in the TRS80 emulator to access external files. While it does try and provide protection it does not block reading files, closing files in use by the emulator internally, seeking a file in use by the emulator internally (causing it to write in the wrong place). The emt trap code also has unchecked mallocs.

There are some other questionable things too such as the use of strcpy/vsprintf rather than the snprintf variants and into stack based buffers in error handlers. As far as I can see these are merely bugs as you can't trip them from in emulator.

Most disturbing is that emtsafe defaults to off,and it's not well documented how hazardous this is when running code from an untrusted source or site.