[PD-dev] writing exploits in Pd (Re: [PD] [file])
Andy Farnell
padawan12 at obiwannabe.co.uk
Tue Aug 31 18:01:18 CEST 2021

What a fun thread.

It does raise the old trust issue (I prefer that word
to "security").

[shell] was always the obvious tool for mischief.
In the end Pd is a programming language - caveat emptor.

Sandboxing has already been mentioned. It's not so easy to
make cross-platform, but a chrooted or cgroups-constrained
(semi-containerised) install should be possible for Linux.
Maybe that could be an install choice, for a "hardened Pd".

Careful code signing and review for Deken is probably a better
future, and the Pd community is small enough to manage that I think.

On Tue, Aug 31, 2021 at 04:51:00PM +0200, IOhannes m zmoelnig wrote:
> On 8/31/21 4:37 PM, Antoine Rousseau wrote:
> >>
> >>i wonder whether it would be possible (with Pd>=0.42) to create a patch
> >>that creates a gui-plugin on the fly.
> >>if this is true, then you can already do everything that [file] allows you
> >>to do - and much more
> >
> >
> >yes, but [file] will be extremely useful in the "-nogui" and libpd contexts.
>
> yes definitely. and much more.
> i didn't write [file] to write exploits but to be useful.
>
> >
> >BTW, and about the "exploits", I'm wondering if this would be feasible to
> >implement a safety lock callable from a libpd based application, that would
> >restrict the write permission (of every Pd object) to a given list of
> >directories.
>
> we could probably restrict `sys_open` and friends.
> however, externals are free to *not* use `sys_open` so that could be easily
> circumvented.
>
> mfgasdr
> IOhannes
>
> _______________________________________________
> Pd-dev mailing list
> Pd-dev at lists.iem.at
> https://lists.puredata.info/listinfo/pd-dev
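
The directory write lock discussed in the quoted exchange, as an added example that is not part of the original messages and is not Pd or libpd code: a POSIX C check that a write path resolves inside one of a list of allowed directories. The names `write_allowed` and `demo` are hypothetical, and the check only constrains code that calls it, which is the limit raised above for externals that do not use `sys_open`.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the canonical path `real` is `root` itself or lies below it. */
static int inside(const char *real, const char *root)
{
    size_t len = strlen(root);
    if (len == 1) return 1;                    /* root is "/" */
    /* Match on a component boundary: /x/ok must not admit /x/ok-evil. */
    return strncmp(real, root, len) == 0 && (real[len] == '/' || real[len] == '\0');
}

/* Hypothetical helper: 1 if writing `path` stays inside an allowed directory. */
int write_allowed(const char *path, const char *const *allowed, size_t n)
{
    char tmp[PATH_MAX], real[PATH_MAX], root[PATH_MAX];
    /* realpath() collapses ".." and follows symlinks. A file that does not
     * exist yet is judged by its resolved parent directory instead. */
    if (!realpath(path, real)) {
        if (errno != ENOENT || strlen(path) >= sizeof tmp) return 0;
        strcpy(tmp, path);
        if (!realpath(dirname(tmp), real)) return 0;
    }
    for (size_t i = 0; i < n; i++)
        if (realpath(allowed[i], root) && inside(real, root)) return 1;
    return 0;
}

/* Constructed sample: makes <tmp>/ok and <tmp>/ok-evil (left in /tmp), one bit per case. */
int demo(void)
{
    char base[] = "/tmp/pdlockXXXXXX", ok[64], evil[64], p[128];
    if (!mkdtemp(base)) return -1;
    snprintf(ok, sizeof ok, "%s/ok", base);
    snprintf(evil, sizeof evil, "%s/ok-evil", base);
    if (mkdir(ok, 0700) || mkdir(evil, 0700)) return -1;
    const char *const allow[] = { ok };
    int r = 0;
    snprintf(p, sizeof p, "%s/new.txt", ok);      r |= write_allowed(p, allow, 1) << 0;
    snprintf(p, sizeof p, "%s/../ok-evil/x", ok); r |= write_allowed(p, allow, 1) << 1;
    snprintf(p, sizeof p, "%s/x", evil);          r |= write_allowed(p, allow, 1) << 2;
    return r;   /* only bit 0 set: the new file inside "ok" is the one allowed */
}
```

The check and the later open are separate steps, so a path can change between them; a real lock would also need the open itself to refuse symlinks in the final component.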