Security and Plugin system

Dear devs,

I really appreciate the idea of a modular plugin system that allows users to easily personalize their system. However, I have some growing concerns regarding security with the release of user-developed plugins.
To allow the plugin developers to realize their ideas in a portable way, it seems inevitable to allow installing packages and especially compiling from source, which on the other hand opens the way for every kind of malware.

How do you plan to tackle this problem?

Good question.
You will always stay responsible for what you install on your device. As far as I’m aware, the plug-ins are mainly webpages and web config files, not really aptitude packages. It still offers some risk though.

(Note: I’m not a dev)

Of course, ultimately everyone’s responsible for what they do, but I think when people start to find out they installed malware on their Volumio, that will spoil Volumio’s good name and stop a lot of people from using plugins. This however requires people to actually find the malware, which might not be too hard if the SD card is erased, but even worse, it might actually open a backdoor to your local network without anyone noticing.
Even though this is harder with purely webpage-based plugins, it is possible nevertheless, but I think purely web-based plugins will only be of very limited use. I have three ideas that I want to realize and would like to make a plugin: Bluetooth A2DP streaming, local UI using the official Raspberry touchscreen and a CD player. As you can guess, every single one of those plugins would require aptitude capabilities.

But I guess my concerns don’t seem to be shared by a lot of people, as I can see from the ample feedback here.

I am also concerned by this. That is why every plugin published will be reviewed by the team first. Apt-get will be just inevitable, but with some control over publishing we should be fairly safe. What do you think?

I didn’t want to come up with stuff before hearing what others say, but I think the only feasible solution is to offer - or limit plugin installation to - an App Store with reviewed plugins that allows users easy one-click installation within Volumio. This would also allow binding plugin versions to versions of Volumio like with Firefox plugins.
With such a concept you can be fairly safe if you exclude plugins that try to use some fairly dangerous concepts like e.g. curl’ing code from a third party site and compiling it.
If you’d like more conceptual input, feel free to contact me.

I can only think of the manpower that would take…

I agree that there is some manpower necessary for this, but apart from a short span after launch and based on the activity here I only expect a handful of new plugins to pop up, whereas updated plugins should be a lot easier to review.
If you have other thoughts, please drop them here.
Of course it would be nice to have some sort of automated security checks, but the effort to develop something like this compared to manual inspection would be worse by many orders of magnitude.

Yes, it will take manpower to do, but it’s the only way to get the best result… So we’ll be going this way…

Could IBM AppScan possibly be of any use?
I think it could be worth a try. They promoted it to me as free to try with every application you make.