On Sun, Oct 16, 2016 at 7:26 PM, Geo DrinX <geodr...@gmail.com> wrote:
> But in the case of a GIS, open or not, the maximum damage that a plugin can
> do is produce the prints off the press sheet.
This is not really true. A plugin can do anything that the OS allows the
logged-in user to do. So we are talking about executing arbitrary
shell commands, doing arbitrary communication at its will (sending
spam maybe - or just sending some private documents from the home folder),
or even using some known exploits to gain admin rights (especially on
Windows) and install some malware for spying or ransomware...
The fact that plugins go through some review process is making QGIS
plugins a less attractive platform for spreading some bad code.
> Rather, I would see the most important working upstream Python environment,
> and the plugin to work in a sand-safe box.
Sandboxing the Python environment in a way where it would be safe to run
any code is a very difficult task - and it would negatively impact all
plugins by greatly limiting what they actually can do. I do not think
we have enough resources and skills to undertake such an implementation.

Qgis-developer mailing list
List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer