ARM-software / abi-aa

Application Binary Interface for the Arm® Architecture

[semihosting] Mention security implications of semihosting. #257

Open sam-ellis opened 3 months ago

sam-ellis commented 3 months ago

While semihosting is primarily intended for debug of trusted applications, it is possible for the interface to be misused by a malicious application. Recommend that the security implications are made clearer in the specification so that implementors can be aware of these. Suggested wording to go into the Introduction (https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst#introduction):

_Semihosting is intended for running trusted applications. The interface gives almost as much access to the host device as running an application on the host. Semihosted operations that are particularly security sensitive include SYS_OPEN, SYS_RENAME, SYS_REMOVE and SYS_SYSTEM. Security conscious hosts may wish to restrict access or limit the implementation of the interface.
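As an added example (not code from the abi-aa repository or from the comment above), the following C sketch shows what "restrict access" could look like on the host side: a policy check that a hypothetical debugger or simulator runs on the decoded request before it touches the host filesystem or shell. The operation numbers and the `:tt` console name come from the semihosting specification; `semihost_check`, `path_is_confined`, the `semihost_policy` struct, the sandbox rules and the sample requests are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Operation numbers as defined in the Arm semihosting specification. */
enum semihost_op {
    SYS_OPEN   = 0x01,
    SYS_WRITE  = 0x05,
    SYS_REMOVE = 0x0E,
    SYS_RENAME = 0x0F,
    SYS_SYSTEM = 0x12,
};

enum verdict { DENY = 0, ALLOW = 1 };

/* Hypothetical host-side policy state: whether the target may create,
 * modify, remove or rename files under the host's sandbox directory. */
struct semihost_policy {
    bool allow_write;
};

/* A filename is confined if it is relative, contains no ".." component,
 * and the length field the target supplied agrees with the bytes: an
 * embedded NUL would make the host's fopen() see a different name than
 * the one this check inspected. (Assumed sandbox rule, not spec text.) */
static bool path_is_confined(const char *p, size_t len)
{
    if (p == NULL || len == 0 || len > 255)
        return false;
    if (memchr(p, '\0', len) != NULL)
        return false;                      /* length/terminator mismatch */
    if (p[0] == '/' || p[0] == '\\')
        return false;                      /* absolute path */
    if (len >= 2 && p[1] == ':')
        return false;                      /* Windows drive letter */
    size_t start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || p[i] == '/' || p[i] == '\\') {
            size_t clen = i - start;
            if (clen == 2 && p[start] == '.' && p[start + 1] == '.')
                return false;              /* parent-directory traversal */
            start = i + 1;
        }
    }
    return true;
}

/* Decide whether the host should service one semihosting request.
 * path1/len1 and path2/len2 are the filename(s) the host copied out of
 * the target's parameter block; mode is the SYS_OPEN mode (0..11). */
enum verdict semihost_check(const struct semihost_policy *pol, uint32_t op,
                            const char *path1, size_t len1,
                            const char *path2, size_t len2, uint32_t mode)
{
    switch (op) {
    case SYS_SYSTEM:
        return DENY;                       /* arbitrary host command execution */
    case SYS_OPEN:
        if (mode > 11)
            return DENY;                   /* not a valid ISO C fopen mode */
        if (len1 == 3 && memcmp(path1, ":tt", 3) == 0)
            return ALLOW;                  /* the spec's console pseudo-file */
        if (!path_is_confined(path1, len1))
            return DENY;
        /* modes 0 and 1 are "r"/"rb"; every other mode can modify the file */
        if (mode > 1 && !pol->allow_write)
            return DENY;
        return ALLOW;
    case SYS_REMOVE:
        return (pol->allow_write && path_is_confined(path1, len1)) ? ALLOW : DENY;
    case SYS_RENAME:
        return (pol->allow_write && path_is_confined(path1, len1) &&
                path_is_confined(path2, len2)) ? ALLOW : DENY;
    default:
        return ALLOW;                      /* acts on handles already vetted at open */
    }
}

int main(void)
{
    /* Constructed sample requests, as a host might decode them. */
    const struct semihost_policy pol = { .allow_write = false };
    const char traversal[] = "../../etc/passwd";
    const char smuggled[] = "ok.txt\0../x";   /* NUL inside the declared length */
    printf("SYS_SYSTEM: %d\n", semihost_check(&pol, SYS_SYSTEM, "ls", 2, NULL, 0, 0));
    printf("open ../:   %d\n", semihost_check(&pol, SYS_OPEN, traversal, sizeof traversal - 1, NULL, 0, 0));
    printf("open NUL:   %d\n", semihost_check(&pol, SYS_OPEN, smuggled, sizeof smuggled - 1, NULL, 0, 0));
    printf("open :tt w: %d\n", semihost_check(&pol, SYS_OPEN, ":tt", 3, NULL, 0, 4));
    printf("open log r: %d\n", semihost_check(&pol, SYS_OPEN, "logs/run.txt", 12, NULL, 0, 0));
    return 0;
}
```

The check runs on the copy the host has already pulled out of target memory; a real implementation also needs to bound that copy by the length field before it reads, since the target controls both the pointer and the length. Denying SYS_SYSTEM unconditionally is the cheapest single restriction, because that one call hands the target a host shell.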