
[semihosting] Mention security implications of semihosting.

Open · sam-ellis opened this issue 1 year ago · 1 comment

While semihosting is primarily intended for debug of trusted applications, it is possible for the interface to be misused by a malicious application. Recommend that the security implications are made clearer in the specification so that implementors can be aware of these. Suggested wording to go into the Introduction (https://github.com/ARM-software/abi-aa/blob/main/semihosting/semihosting.rst#introduction):

Semihosting is intended for running trusted applications. The interface gives almost as much access to the host device as running an application on the host. Semihosted operations that are particularly security sensitive include SYS_OPEN, SYS_RENAME, SYS_REMOVE and SYS_SYSTEM. Security conscious hosts may wish to restrict access or limit the implementation of the interface.

sam-ellis · Apr 15 '24 11:04
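As an added illustration of what "restrict access or limit the implementation of the interface" can look like on the host side (example code written for this note, not part of the abi-aa specification, and not taken from any debugger or emulator), here is a small policy layer a semihosting host could consult before servicing a request. The operation numbers, the `:tt` console name and the SYS_OPEN mode table (modes 0-3 read-only, 4-11 write or append) are from the semihosting specification; the `SemihostPolicy` class, its method names, and the `/srv/semihost` root directory are assumptions made for the example.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Operation numbers as defined in the Arm semihosting specification.
SYS_OPEN = 0x01
SYS_WRITE = 0x05
SYS_READ = 0x06
SYS_REMOVE = 0x0E
SYS_RENAME = 0x0F
SYS_SYSTEM = 0x12

# SYS_OPEN "mode" is an index into the ISO C fopen mode table:
# 0-3 are the read-only modes ("r", "rb", "r+", "r+b" ... r+ can write, so we
# treat only 0 and 1 as read-only), 4-11 are write/append modes.
READ_ONLY_MODES = {0, 1}
CONSOLE_NAME = ":tt"          # special name for the host console


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    host_path: Optional[str] = None   # confined host path for the handler to use
    new_host_path: Optional[str] = None


class SemihostPolicy:
    """Hypothetical policy consulted by a semihosting host before each request.

    Paths supplied by the target are treated as relative to `root` and
    confined lexically; SYS_SYSTEM is refused unless explicitly enabled.
    """

    def __init__(self, root: str, allow_write: bool = False, allow_system: bool = False):
        self.root = posixpath.normpath(root)
        self.allow_write = allow_write
        self.allow_system = allow_system

    def _confine(self, path: str) -> Optional[str]:
        """Return the host path under root, or None if the path would escape.

        The check is lexical (normpath). A deployed handler must additionally
        resolve symlinks on the host (os.path.realpath) before trusting the result.
        """
        if not path or "\0" in path or posixpath.isabs(path):
            return None
        joined = posixpath.normpath(posixpath.join(self.root, path))
        if joined != self.root and not joined.startswith(self.root + "/"):
            return None
        return joined

    def _write_gate(self) -> Optional[Decision]:
        if not self.allow_write:
            return Decision(False, "write access to host files is disabled")
        return None

    def evaluate(self, op: int, **args) -> Decision:
        if op == SYS_SYSTEM:
            # Arbitrary command execution on the host; deny by default.
            if not self.allow_system:
                return Decision(False, "SYS_SYSTEM is disabled by policy")
            return Decision(True, "SYS_SYSTEM explicitly enabled")

        if op == SYS_OPEN:
            path, mode = args["path"], args["mode"]
            if path == CONSOLE_NAME:
                return Decision(True, "console open", host_path=CONSOLE_NAME)
            host = self._confine(path)
            if host is None:
                return Decision(False, "path escapes semihosting root")
            if mode not in READ_ONLY_MODES and (gate := self._write_gate()):
                return gate
            return Decision(True, "open permitted", host_path=host)

        if op == SYS_REMOVE:
            host = self._confine(args["path"])
            if host is None:
                return Decision(False, "path escapes semihosting root")
            return self._write_gate() or Decision(True, "remove permitted", host_path=host)

        if op == SYS_RENAME:
            old, new = self._confine(args["path"]), self._confine(args["new_path"])
            if old is None or new is None:
                return Decision(False, "path escapes semihosting root")
            return self._write_gate() or Decision(
                True, "rename permitted", host_path=old, new_host_path=new)

        # Read/write on an already-open handle, clocks, exit, etc.: the handle
        # was vetted at SYS_OPEN time, so nothing further to confine here.
        return Decision(True, "no path or command argument; permitted")
```

Note the default posture: the policy is deny-by-default for SYS_SYSTEM and for any operation that modifies host files, and every target-supplied path is rebased under a host-chosen directory. That is the kind of restriction the proposed wording is meant to prompt; a host that instead passes target strings straight to `fopen`, `remove`, `rename` and `system` gives the target effectively the same reach as a process on the host.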

I might be inclined to turn the initial part of your suggested change on its head. Perhaps something like Semihosting is not designed to be used as a mechanism to sandbox untrusted applications…

rearnsha · Jul 23 '24 15:07