From: Timothy R. <tr...@si...> - 2009-03-06 04:03:39
On Mar 5, 2009, at 5:26 PM, Matthew Gates wrote:

> I asked about sandboxing the QT core API classes in the #qt channel of
> freenode. The guy who answered said it would probably be necessary to
> wrap up QFile in our own scripting functions/objects. I suppose we
> could add some functions to the Stellarium core script object.
>
> I'm not sure about this fellow in particular, but I dare say there are
> people who like to write in javascript who would be put off by a
> plugin written in C++. Perhaps the script engine is not the right
> approach for this though.
>
> Matthew
>
> On Thursday 05 March 2009, Mike Storm wrote:
>
>> If he wants file access, shouldn't it be implemented in a plugin
>> instead of a script? Although if there is enough demand, we could
>> create a sandbox folder that scripts can write to, but we'd have to
>> cleanse and re-check file names and other variables intensively.
>>
>> Mike
>>
>> On 3/5/09, Rob Spearman <ro...@di...> wrote:
>>
>>> I think by default there should be no file access, etc. So at best
>>> it should need to be enabled with a config option.
>>>
>>> If we wanted to do this, I assume for security some sort of wrapper
>>> would be needed over the QT API to only allow features/uses we deem
>>> safe from scripts.
>>>
>>> But it seems to me an ephemeris generator should just be a module
>>> rather than a script, which seems to be the root of the problem
>>> here.
>>>
>>> Rob
>>>
>>> On Thu, 2009-03-05 at 18:45 +0000, Matthew Gates wrote:
>>>
>>>> Hi folks,
>>>>
>>>> I just responded to an interesting email from a script author who
>>>> would like to do some file operations from a script. From his
>>>> other questions, I believe he wants to make an ephemeris generator
>>>> or something similar.
>>>>
>>>> I can imagine quite a few cool things which would be possible if
>>>> the QT API was available from Stellarium scripts, but there are
>>>> some security implications of doing this - we don't want to open an
>>>> attack vector to malware authors.
>>>>
>>>> What are your feelings on this?
>>>>
>>>> Does anyone have a good idea about how to allow access to general
>>>> QT API calls, but somehow sandbox them? e.g. only letting scripts
>>>> write to the scripts directory.
>>>>
>>>> Cheers
>>>>
>>>> Matthew

Not that I think it's needed, but aren't scripts just text? So that a user could, um, read them? You all seem to be much more worried about a text file doing something bad than a plugin you can't even see the source for (unless, of course, it's made available). If I wanted to screw with a user's machine, the plugin would be the logical route. Seems you all are really just blowing this out of all proportion.
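The thread above sketches two halves of a design (a wrapper that exposes only a vetted subset of file operations to scripts, and a sandbox folder whose file names are "cleansed and re-checked"). The following is an added example written for this page; it is not Stellarium or Qt code and does not appear in the thread. It uses C++17 std::filesystem in place of QFile/QDir so it builds without Qt, and the function names, the sandbox directory name and the sample file names are all made up here. It shows the part that is easy to get wrong: deciding whether a script-supplied name stays inside the sandbox once `..`, absolute paths and symlinks are taken into account.

```cpp
// Added illustration, not Stellarium or Qt code: confine script-supplied file
// paths to a sandbox directory (the "cleanse and re-check" step from the
// thread). std::filesystem (C++17) stands in for QFile/QDir; all names here
// are hypothetical.
#include <filesystem>
#include <fstream>
#include <iostream>
#include <optional>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

// Resolve `requested` (a path a script handed us) against `sandboxRoot`.
// Returns the fully resolved path only if it is strictly inside the sandbox;
// otherwise returns nullopt and the caller refuses the operation.
std::optional<fs::path> resolveInSandbox(const fs::path& sandboxRoot,
                                         const std::string& requested) {
    std::error_code ec;
    if (requested.empty()) return std::nullopt;

    // Canonicalize the root itself so a symlinked root (e.g. a temp dir that
    // is really a symlink) compares correctly with resolved script paths.
    const fs::path root = fs::canonical(sandboxRoot, ec);
    if (ec) return std::nullopt;

    // Scripts name files relative to the sandbox only; absolute paths are
    // refused rather than "fixed up", because a rejected request is a signal.
    const fs::path req(requested);
    if (req.is_absolute() || req.has_root_name()) return std::nullopt;

    // weakly_canonical resolves every existing prefix (following symlinks,
    // which is how "link-to-outside/x.txt" gets caught) and lexically
    // normalizes the not-yet-existing tail, so ".." inside the name of a file
    // that is about to be created is handled as well.
    const fs::path resolved = fs::weakly_canonical(root / req, ec);
    if (ec) return std::nullopt;

    // Containment is checked component by component, never by string prefix:
    // "/sandbox2/x" must not pass as being under "/sandbox".
    auto rootIt = root.begin();
    auto resIt = resolved.begin();
    for (; rootIt != root.end(); ++rootIt, ++resIt) {
        if (resIt == resolved.end() || *rootIt != *resIt) return std::nullopt;
    }
    // The sandbox directory itself is not a valid target either.
    if (resIt == resolved.end() || resolved.filename().empty()) return std::nullopt;

    return resolved;
}

// Write `data` to a script-chosen file name, but only inside the sandbox.
bool sandboxedWrite(const fs::path& sandboxRoot, const std::string& requested,
                    const std::string& data) {
    const auto target = resolveInSandbox(sandboxRoot, requested);
    if (!target) return false;
    std::ofstream out(*target, std::ios::binary | std::ios::trunc);
    if (!out) return false;
    out << data;
    return static_cast<bool>(out);
}

// Constructed demo fixture (idempotent): a throwaway sandbox under the temp
// directory containing a symlink that points outside it.
fs::path makeDemoSandbox() {
    const fs::path root = fs::temp_directory_path() / "script_sandbox_demo";
    std::error_code ec;
    fs::create_directories(root, ec);
    // "escape" -> the sandbox's parent; a naive join would happily write there.
    fs::create_directory_symlink(root.parent_path(), root / "escape", ec);
    return root;
}

int main() {
    const fs::path box = makeDemoSandbox();
    for (const char* name : {"ephem.txt", "sub/../ephem.txt", "../outside.txt",
                             "/etc/passwd", "escape/outside.txt"}) {
        const auto p = resolveInSandbox(box, name);
        std::cout << name << " -> " << (p ? p->string() : "REJECTED") << '\n';
    }
    return sandboxedWrite(box, "ephem.txt", "constructed sample output\n") ? 0 : 1;
}
```

Two caveats a practitioner would add. The check and the subsequent open are separate system calls, so if other local users can create entries inside the sandbox a symlink swapped in between them still wins; opening with O_NOFOLLOW relative to a directory descriptor (openat) closes that gap, which plain std::filesystem and QFile do not expose. And a sandbox folder only bounds where a script writes, not what it writes: a script that can emit files into the scripts directory can still drop another script there, which is the kind of follow-on Rob's "off by default, behind a config option" suggestion is meant to contain.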