Objective-C Plugin Architecture Security (Mac, not iPhone)

自作多情 submitted on 2020-01-13 09:29:17

Question


I'm possibly writing a plugin system for a Cocoa application (Mac, not iPhone).

A common approach is to make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys.

Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only.

Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?


Answer 1:


Yes, OS X has sandboxing support on a per-process level. The only open-source third-party client I'm aware of is Chrome. You could also investigate a wrapper such as Native Client.

That said, there's really no point in trying to sandbox plugins for security reasons, unless you're loading untrusted plugins or content over the network (i.e. a web browser). If someone wants to crack your application locally, they can just use a debugger, DTrace, etc.

What IPC mechanism you use between your app and plugin processes really depends on the type of communication you're doing. Intermachine Distributed Objects (I assume that's what you meant to write) is certainly not a bad choice for most purposes, but you wouldn't want to send video over it. You might check out CoreIPC, which the under-development WebKit2 uses; it works over Mach ports.
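The out-of-process design the answer recommends, as an added example that is not part of the original question or answer: the host vends one small object over Distributed Objects (NSConnection) and a plugin running as a separate process talks to it through a narrow protocol. The licensing and serial-key code stays in the host's address space, which is the property the asker wanted. Two caveats the code illustrates: Distributed Objects forwards any selector the remote object responds to, including NSObject and KVC methods, so the vended object must hold no secrets and the host should filter incoming selectors (done here with the NSConnection delegate); and `setProtocolForProxy:` only saves a signature round trip, it is not a security control. The service name, the `HostServices` protocol and all method names are assumptions made for this example. NSConnection has been deprecated since macOS 10.13 in favour of XPC, but it still ships and the design carries over. As the answer notes, none of this stops a local user with a debugger; it only keeps plugin code out of the host process.

```objectivec
// plugin_do_demo.m -- added example, not code from the original post.
// Build:  clang -fobjc-arc -framework Foundation plugin_do_demo.m -o plugin_do_demo
// Run:    ./plugin_do_demo host     (terminal 1)
//         ./plugin_do_demo plugin   (terminal 2)
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// The entire API a plugin process may call. Nothing about registration or serial keys is reachable here.
// (Protocol and method names are assumptions for this demo.)
@protocol HostServices
- (bycopy NSString *)hostVersion;
- (bycopy NSArray<NSString *> *)documentTitles;
- (oneway void)logMessage:(bycopy NSString *)message fromPlugin:(bycopy NSString *)name;
@end

// Thin facade with no sensitive state: DO forwards any selector the remote object responds to
// (including NSObject methods such as -valueForKey:), so the vended object itself must hold no secrets.
@interface HostServiceVendor : NSObject <HostServices, NSConnectionDelegate>
@end

@implementation HostServiceVendor
- (bycopy NSString *)hostVersion { return @"1.0"; }
- (bycopy NSArray<NSString *> *)documentTitles { return @[@"Untitled", @"Notes"]; }
- (oneway void)logMessage:(bycopy NSString *)message fromPlugin:(bycopy NSString *)name {
    NSLog(@"host: [plugin %@] %@", name, message);
}

// NSConnectionDelegate hook: refuse every incoming selector that is not declared in HostServices,
// so a plugin cannot reach NSObject/KVC methods or anything else on the vended object.
- (BOOL)connection:(NSConnection *)conn handleRequest:(NSDistantObjectRequest *)request {
    SEL sel = [[request invocation] selector];
    struct objc_method_description d =
        protocol_getMethodDescription(@protocol(HostServices), sel, YES, YES);
    if (d.name != NULL) {
        return NO;                      // declared in the protocol: let NSConnection dispatch it normally
    }
    NSLog(@"host: rejected off-protocol selector %@", NSStringFromSelector(sel));
    [request replyWithException:[NSException exceptionWithName:@"HostServicesDenied"
                                                        reason:@"selector not in HostServices"
                                                      userInfo:nil]];
    return YES;                         // we handled (refused) the request ourselves
}
@end

static NSString * const kServiceName = @"com.example.demo.hostservices";  // assumed service name

static int runHost(void) {
    HostServiceVendor *vendor = [[HostServiceVendor alloc] init];
    NSConnection *conn = [[NSConnection alloc] init];
    [conn setRootObject:vendor];
    [conn setDelegate:vendor];
    if (![conn registerName:kServiceName]) {
        NSLog(@"host: could not register %@ (already running?)", kServiceName);
        return 1;
    }
    NSLog(@"host: vending HostServices as %@", kServiceName);
    [[NSRunLoop currentRunLoop] run];   // serve plugin requests until killed
    return 0;
}

static int runPlugin(void) {
    id<HostServices> host = (id<HostServices>)
        [NSConnection rootProxyForConnectionWithRegisteredName:kServiceName host:nil];
    if (host == nil) { NSLog(@"plugin: host not running"); return 1; }
    // Saves a method-signature round trip per call; it does NOT restrict what the plugin can send.
    [(NSDistantObject *)host setProtocolForProxy:@protocol(HostServices)];

    NSLog(@"plugin: host version %@", [host hostVersion]);
    NSLog(@"plugin: documents %@", [host documentTitles]);
    [host logMessage:@"hello from a separate process" fromPlugin:@"demo"];

    // Off-protocol call: the host delegate refuses it and the exception is raised back here.
    @try {
        id leaked = [(id)host valueForKey:@"serialKey"];
        NSLog(@"plugin: UNEXPECTED: host answered with %@", leaked);
    } @catch (NSException *e) {
        NSLog(@"plugin: host refused off-protocol call: %@", [e reason]);
    }
    return 0;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc == 2 && strcmp(argv[1], "host") == 0)   return runHost();
        if (argc == 2 && strcmp(argv[1], "plugin") == 0) return runPlugin();
        fprintf(stderr, "usage: %s host|plugin\n", argv[0]);
        return 2;
    }
}
```

Run the host first, then the plugin: the three protocol calls succeed, and the `valueForKey:` probe is logged as rejected on the host side and surfaces as an exception in the plugin. The same shape (thin vended object, explicit allow-list of selectors, plugin in its own process) is what an XPC service gives you on current macOS, with the added option of sandboxing the plugin process through its own entitlements.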



Source: https://stackoverflow.com/questions/2824082/objective-c-plugin-architecture-security-mac-not-iphone
