enforce()?

Vladimir Panteleev vladimir at thecybershadow.net
Sun Jun 20 16:18:55 PDT 2010


On Mon, 21 Jun 2010 00:17:28 +0300, Walter Bright <newshound2 at digitalmars.com> wrote:

> An input to a dll is user input, and should be validated (for the sake of security, and other reasons). Validating it is not debugging.

I don't understand why you're saying this. Security checks in DLL functions are pointless, for the reasons I already outlined:

>> If it's for the sake of security - parameter validation in DLLs is pointless. If you are able to load and call code from inside a DLL, you are already able to do everything that the DLL can. DLLs don't have any "setuid"-like properties. If we were talking, for example, about syscalls for a kernel module (functions called from userland but executed in kernel land), then that would be a completely different situation.
>
> If you, for example, provide a pluggable interface to your browser app, that's done using a dll, and you'd better validate anything you get through that plugin interface!

Why? When your application loads a DLL, the DLL instantly gets access to all of your application's memory, handles, and other resources. It's running in the same address space and security context. You need to completely trust the DLL - which is why new browsers (Google Chrome and experimental Firefox versions) load plugins in separate processes with reduced privileges.

-- Best regards,
  Vladimir                            mailto:vladimir at thecybershadow.net
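The architectural point made in this message (an in-process plugin shares the host's memory, so an argument check at the plugin API is not a security boundary, whereas a separate process is one) can be shown in a few lines. The following is an added example and is not code from the original thread, from D, or from any browser mentioned above. It uses Python in place of a native DLL: `exec` of plugin source stands in for loading a DLL into the host's address space, and `subprocess` stands in for a separate plugin process. `HOST_SECRET`, `host_api` and `PLUGIN_SOURCE` are constructed for the demonstration; the real browsers additionally drop the plugin process's privileges, which this example does not model.

```python
"""In-process plugin vs. out-of-process plugin: where does validation help?

Added example (not from the original post). The plugin never calls the host's
validated API at all; it just reads the host's memory through the call stack.
"""
import json
import subprocess
import sys
import textwrap

# Constructed stand-in for the host's private state (cookies, passwords, ...).
HOST_SECRET = "session-cookie-0xDEADBEEF"  # constructed value, not real data


def host_api(payload):
    """Hypothetical plugin-facing API with careful parameter validation.

    This is the kind of check the thread is arguing about. It is correct as
    far as it goes, but an in-process plugin does not have to go through it.
    """
    if not isinstance(payload, str) or len(payload) > 32:
        raise ValueError("rejected")
    return payload.upper()


# Constructed "plugin". It ignores its argument and walks up the interpreter's
# frame chain until it finds a frame whose globals hold HOST_SECRET.
PLUGIN_SOURCE = textwrap.dedent("""
    import sys

    def run(arg):
        f = sys._getframe(0)
        while f is not None:
            if "HOST_SECRET" in f.f_globals:
                return f.f_globals["HOST_SECRET"]
            f = f.f_back
        return None
""")

# Glue appended to the plugin source when it runs as its own process: read the
# (already validated) argument from stdin, return the result as JSON on stdout.
CHILD_DRIVER = textwrap.dedent("""
    import json, sys
    _arg = json.loads(sys.stdin.read())
    print(json.dumps(run(_arg)))
""")


def load_plugin_in_process(source, arg):
    """Model of a DLL: plugin code runs in our address space and context.

    Nothing limits it to the API we meant to expose; it could just as well
    overwrite our globals, open our files, or terminate the process.
    """
    namespace = {}
    exec(source, namespace)          # same interpreter, same memory
    return namespace["run"](arg)


def load_plugin_out_of_process(source, arg):
    """Model of the separate-process design: only the argument crosses over.

    The child has its own address space, so the same frame walk finds nothing.
    (Real sandboxes also reduce the child's privileges; not modelled here.)
    """
    proc = subprocess.run(
        [sys.executable, "-c", source + CHILD_DRIVER],
        input=json.dumps(arg),
        capture_output=True,
        text=True,
        check=True,
    )
    return json.loads(proc.stdout)


def demo():
    """Run both models against the same plugin and validated argument."""
    arg = host_api("hello")  # validation happens in the host, as it should
    return {
        "in_process": load_plugin_in_process(PLUGIN_SOURCE, arg),
        "out_of_process": load_plugin_out_of_process(PLUGIN_SOURCE, arg),
    }


if __name__ == "__main__":
    for mode, result in demo().items():
        print(f"{mode:15s} plugin returned: {result!r}")
```

Run it and the in-process plugin hands back `HOST_SECRET` without ever touching `host_api`, while the out-of-process plugin, given exactly the same code and argument, gets `None`. That is the asymmetry the message describes: checks on what the plugin passes *in* only become a security measure once the plugin lives on the other side of a process boundary, and the host should then validate what comes *back* across that boundary as untrusted input.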

