> > however, externals are free to *not* use `sys_open` so that could be > easily circumvented
yes. I was mostly concerned about user written Pd patches that would be opened by a libpd app, like Pd(Droid)Party, MobMuPlat or so. If the developer of the app could lock the write permission to a predefined user directory, it would be safer to try opening patches from other users... In the worst case you only could lose other patches or related data. Thinking a bit more: actually most mobile APIs already provide such a security... Le mar. 31 août 2021 à 16:51, IOhannes m zmoelnig <[email protected]> a écrit : > On 8/31/21 4:37 PM, Antoine Rousseau wrote: > >> > >> i wonder whether it would be possible (with Pd>=0.42) to create a patch > >> that creates a gui-plugin on the fly. > >> if this is true, then you can already do everything that [file] allows > you > >> to do - and much more > > > > > > yes, but [file] will be extremely useful in the "-nogui" and libpd > contexts. > > yes definitely. and much more. > i didn't write [file] to write exploits but to be useful. > > > > > BTW, and about the "exploits", I'm wondering if this would be feasible to > > implement a safety lock callable from a libpd based application, that > would > > restrict the write permission (of every Pd object) to a given list of > > directories. > > we could probably restrict `sys_open` and friends. > however, externals are free to *not* use `sys_open` so that could be > easily circumvented. > > mfgasdr > IOhannes > > _______________________________________________ > Pd-dev mailing list > [email protected] > https://lists.puredata.info/listinfo/pd-dev >
_______________________________________________ Pd-dev mailing list [email protected] https://lists.puredata.info/listinfo/pd-dev
