On 2/28/11, Harald Alvestrand <har...@alvestrand.no> wrote: > On 02/28/11 15:55, Bjartur Thorlacius wrote: >> On 2/28/11, Harald Alvestrand<har...@alvestrand.no> wrote: >>> On 02/28/11 15:35, Bjartur Thorlacius wrote: >>>> In effect, you want to create pipelines in JS/ES? >>>> >>> I need pipelines that can be manipulated from Javascript, yes. >>> Javascript is not a millisecond-precise language; the running of the >>> pipelines has to happen elsewhere. >>> >> Would POSIX sh suffice for your purposes? >> The simplest solution I can think of is using sh pipes and standardized >> device names. > The idea of letting anyone's Javascript execute posix sh commands on my > mother's laptop fills me with an abject sense of horror..... no, I can't > imagine a security model in which that would be the right answer to the > question. > Run them without privileges and you should be fine. In fact, access to anything but stdin, stdout and stderr could be denied if you open the media a priori.
> (not to mention that some of the devices that execute Javascript and > have cameras and microphones attached don't HAVE a posix shell). > Smells of odd priorities to have JavaScript but not sh.