<div dir="ltr"><div><div><div><div><div><div><div>Ok, I will try to be more clear (<span id="gmail-result_box" class="gmail-short_text" lang="en"><span>compatibly</span> <span>with my</span> <span class="gmail-">bad English</span></span>).<br><br></div>Look at this: <a href="https://goo.gl/WR8LVF">https://goo.gl/WR8LVF</a><br><br></div>In this project, since now, they (public administration) are using QGIS. But, they have today BIG PROBLEMS with crashes.<br><br></div>In the next version of the system, the NEED to have a secure program (and possibly open source).<br><br></div>QGIS now is NOT secure. <span id="gmail-result_box" class="gmail-short_text" lang="en"><span>I</span> <span>explained</span> <span class="gmail-">enough ? </span></span><br><span id="gmail-result_box" class="gmail-short_text" lang="en"><span>Now</span> <span>you understand</span> <span>what's at stake</span><span class="gmail-">?<br><br><br></span></span></div><span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">I hope so. Now somebody wants to see with me how to </span></span><span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">make</span> <span class="gmail-">sure</span> <span class="gmail-">QGIS</span> <span class="gmail-">decently </span><span class="gmail-">?<br><br></span></span></div><span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">Thank you<br><br></span></span></div><span id="gmail-result_box" class="gmail-short_text" lang="en"><span class="gmail-">Geo<br></span></span></div><div class="gmail_extra"><br><div class="gmail_quote">2016-10-17 11:56 GMT+02:00 Matthias Kuhn <span dir="ltr"><<a href="mailto:matthias@opengis.ch" target="_blank">matthias@opengis.ch</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I like the *idea* of sandboxing.<br>
<br>
And we all know and agree it's a complex topic. Hard to impossible to<br>
get right (let's admit also that security is always something gray and<br>
not black and white - unless the network plug is removed and the room<br>
isolated with tin foil). This on the other hand doesn't mean that there<br>
are some approaches which are just wrong by design.<br>
<br>
There is also the question about the level on which sandboxing should<br>
happen. E.g. distributing the app with flatpak and relying on its portal<br>
mechanism [1] might at one point in the future be a way to get sandboxing.<br>
<br>
One can also run the app inside some other virtualized environment or<br>
even separate physical machine already now for isolation.<br>
<br>
Maybe Pypy is a way to get there as well from the python side. I don't<br>
know. But Nathan is absolutely right that the API offered by Qt builds a<br>
big attack surface for which someone has to first bring up a sensible<br>
idea for how to lock attackers down without restricting possibilities<br>
offered for plugins. Or how to safely decide if running code from<br>
external shared libs like the processing lwgeom provider does [2] is<br>
something safe to do or not.<br>
<br>
If someone seriously wants to follow this route:<br>
<br>
Be prepared to work with specialists in this area and do serious<br>
research about possibilities and feasibility first.<br>
<br>
Be prepared to maintain a separate distribution of QGIS with restricted<br>
python access and reduced plugin functionality.<br>
<br>
Be prepared to get a very big sponsor to back the effort.<br>
<br>
Matthias<br>
<br>
[1] <a href="https://github.com/flatpak/flatpak/wiki/Portals" rel="noreferrer" target="_blank">https://github.com/flatpak/<wbr>flatpak/wiki/Portals</a><br>
[2] <a href="https://plugins.qgis.org/plugins/processinglwgeomprovider/" rel="noreferrer" target="_blank">https://plugins.qgis.org/<wbr>plugins/<wbr>processinglwgeomprovider/</a><br>
<div class="HOEnZb"><div class="h5">______________________________<wbr>_________________<br>
Qgis-developer mailing list<br>
<a href="mailto:Qgis-developer@lists.osgeo.org">Qgis-developer@lists.osgeo.org</a><br>
List info: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">http://lists.osgeo.org/<wbr>mailman/listinfo/qgis-<wbr>developer</a><br>
Unsubscribe: <a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer" rel="noreferrer" target="_blank">http://lists.osgeo.org/<wbr>mailman/listinfo/qgis-<wbr>developer</a></div></div></blockquote></div><br></div>