Restrict filer booting of apps for security.

Could the automatic filer booting of apps be restricted to named folders and their sub-directories? (eg apps, utilities, !boot).

An option could be added to the menu to boot apps manually (or whole folders).

The current new windows exploit doing the rounds, reminded me that RISC OS has a similar vulnerability built in as a design feature.

Is it this exploit you’re referring to?

IMHO you’re right about the current arrangement being not too secure. But if it’s disabled as you suggest, some application sprites would then be missing… in which case I guess the OS would have to take care of this automatically. ISTR the Style Guide recommends that an application’s !Run file shouldn’t assume !Boot has already been run, so no implications there (for compliant applications anyway).

The one I was thinking of is here http://www.theregister.co.uk/2010/07/19/win_shortcut_vuln/ (but the real parallel is the autorun feature).

I’m think more that applications would work as they do now if they are in the “right” place. But from anywhere else, you would have to explicitly filer boot them.

This wouldn’t be perfect security, but it would close the hideously gaping hole, with a small change.

Configure would control what folders and drives were allowed to filer boot.