[primaeval]

hehe, tell that to the user that gets their identity sold, their ccards maxed, their bank accounts emptied and creditors hounding them. I'm sure they would appreciate that they have been given the complete freedom to do truly stupid things.

I'm sure the authors of strcpy would never envisioned that it would be used to trigger buffer overflows and gain root. Why would anyone in their right mind pass bogus strings into strcpy? The key is 'in their right mind'. The same is true here with addons. Good idea, bad implementation.

You really understand the problem. Do you think there is a solution to allow addons with the right security permissions? I see you are probably restricted by Apple and Amazon with your fork in what content you could allow.

[trogggy]

hehe, tell that to the user that gets their identity sold, their ccards maxed, their bank accounts emptied and creditors hounding them. I'm sure they would appreciate that they have been given the complete freedom to do truly stupid things.

I'm sure the authors of strcpy would never envisioned that it would be used to trigger buffer overflows and gain root. Why would anyone in their right mind pass bogus strings into strcpy? The key is 'in their right mind'. The same is true here with addons. Good idea, bad implementation.

You need to make it sound a bit more dramatic.
The whole 'too much freedom' thing is a bit mumsy for my liking, thanks all the same.

[da-anda]

I doubt a PR implementing a sandbox for add-ons would be denied, but who is willing to do it? That's the question since years, as this topic came up over and over again.

[MrMC]

I already suggested what to do, it was rejected as too restrictive.

Side note, webserver also needs sandboxing and sanitization of what can be fetched. I'm sure a lot of people would be dismayed to realize that sources.xml and passwords.xml can be snatched out will little regard to the fact that both of these files contain username/passwords (in clear text). There is no reason I can think up to access these files from the webserver.

MrMC fork plugged that hole and access outside the webserver location for iOS/tvOS and is about to plug it for FireTV.

[Lunatixz]

I brought up the same concept concerning plugin authentication, idea was rejected in flames...

[metalkettle]

I agree that certain actions of SOME 3rd party developers can be seen to be wrong, and messing with people's systems outside and inside of kodi is wrong if done with malice. But this then begs the question, how does anyone know? I agree.
As an example. I have written an addon specifically for openelec. It writes executables to the openelec install and runs them. This then alters the way openelec works.
The addon in question is an one which sets up and runs a vpn on an openelec system. This to most will be a benefit. There is no malice or danger intended. Just a solution to a problem which involves running applications outside kodi and altering the way kodi works at an os level. Is this wrong?

[Ned Scott]

I agree that certain actions of SOME 3rd party developers can be seen to be wrong, and messing with people's systems outside and inside of kodi is wrong if done with malice. But this then begs the question, how does anyone know? I agree.
As an example. I have written an addon specifically for openelec. It writes executables to the openelec install and runs them. This then alters the way openelec works.
The addon in question is an one which sets up and runs a vpn on an openelec system. This to most will be a benefit. There is no malice or danger intended. Just a solution to a problem which involves running applications outside kodi and altering the way kodi works at an os level. Is this wrong?

OpenELEC is a bit different, because "add-ons" are both real Kodi add-ons as well as a way to install outside packages/programs/etc.

In a perfect world this "other" type of add-on would either be replaced by another method, or require the user to approve some warning message. Same idea as what you see on Windows or Mac OS X, where some application installs try to write to an area normally reserved for the OS. It would likely be an option specific for things like OpenELEC, LibreELEC OSMC, Kodibuntu, etc.

[primaeval]

I doubt a PR implementing a sandbox for add-ons would be denied, but who is willing to do it? That's the question since years, as this topic came up over and over again.

It looks like all the skilled developers and Team Kodi know there is a problem and how to fix it.

If you just write a proposal together I am sure that would get the core development team started on it.

12 million Kodi users depend on you to do the right thing.

[primaeval]

I have made a Feature Request for Addon Sandboxing (or whatever will be the best solution).
http://forum.kodi.tv/showthread.php?tid=272361

I hope you can all contribute positive solutions to the proposal that would protect the naive and technologically challenged users out there, as well as the potential damage by genuine official addon mistakes.

[Memphiz]

How come that you think anyone of us has a concept for sandboxing addons? We use libpython which can access everything that the python runtime offers - we don't really have control over it. The only thing i can think of is wrapping calls from libpython that might be used in a dangerous way - but that could be the whole c api... - so whoever thinks this is easy - come forward with an idea please.

[primaeval]

How come that you think anyone of us has a concept for sandboxing addons? We use libpython which can access everything that the python runtime offers - we don't really have control over it. The only thing i can think of is wrapping calls from libpython that might be used in a dangerous way - but that could be the whole c api... - so whoever thinks this is easy - come forward with an idea please.

I certainly don't think this is going to be easy. It might be Kodi's moon shot proposal.

But there are lots of examples of security models that allow addons/apps with sandboxing like Android, Chrome etc.

I am not a computer scientist by education but I am sure there are some here that know what to do.

[Paranoidjack]

I agree that certain actions of SOME 3rd party developers can be seen to be wrong, and messing with people's systems outside and inside of kodi is wrong if done with malice. But this then begs the question, how does anyone know? I agree.
As an example. I have written an addon specifically for openelec. It writes executables to the openelec install and runs them. This then alters the way openelec works.
The addon in question is an one which sets up and runs a vpn on an openelec system. This to most will be a benefit. There is no malice or danger intended. Just a solution to a problem which involves running applications outside kodi and altering the way kodi works at an os level. Is this wrong?

I don't see it as being wrong - you're clearly letting the user know what you're doing and its intention.

The problem I had with a certain addon changing the HOSTS file was there was no disclaimer or indication they were modifying it unless you looked at the code - transparency is vital and this trend of devs obfuscating their code isn't helpful to the situation.

[natethomas]

I am not a computer scientist by education but I am sure there are some here that know what to do.

This and statements like it that trivialize how difficult or time consuming something is from people who don't actually know how difficult or time consuming it is are typically not well received. Just FYI.

[primaeval]

I am not a computer scientist by education but I am sure there are some here that know what to do.

This and statements like it that trivialize how difficult or time consuming something is from people who don't actually know how difficult or time consuming it is are typically not well received. Just FYI.

I am an electrical engineer by profession so I know almost as much as a computer scientist but not the theory behind what to do.

Please don't think I don't understand the complexity of the issue or trivialize how difficult or time consuming it is.

Just imagine how time consuming it would be to you if someone used an addon to steal your identity and post child pornography from your Facebook account?

[primaeval]

Another good thread with a warning about Python Reverse Shells.
https://www.reddit.com/r/Addons4Kodi/com...ddons_you/

[–]cttttt 4 points 14 hours ago

Wow. Didn't know there was no sandbox. I guess stuff like this is completely possible in an add-on then:

Python Reverse Shell Tutorials
https://www.youtube.com/playlist?list=PL..._3OL-_Bz_8
...no sneaky installer required. If this is the case, yikes.