Question and proposal: Can D be used to compile and run untrusted plug-ins?
Moamen Abdelsattar
moemen0101 at gmail.com
Sat Dec 4 11:33:21 UTC 2021
I've recently learned that D functions can be marked as `@safe`,
which disallows all unsafe operations inside the function.
My question is: can this feature be used to compile and run
untrusted D code safely?
I mean: let's say we have a program written in D or C, and we
want to allow the user to extend the program by writing plug-ins
and compiling them into dynamic libraries (like Notepad++
plug-ins).
Now the plug-in can access all system calls and can do something
malicious, but what if the plug-in is written in D and we have
something like a `-forceSafe` compiler flag (which is the proposal)
that forces every function written by the user to be `@safe`?
Now the user can only import the application's API and use it to
perform functions and can't access the system directly. Is that
true?
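The question turns on what `@safe` actually guarantees. As an added example (not part of the post or of any D project), the following plug-in compiles entirely as `@safe` yet still touches the file system, because `@safe` restricts memory-unsafe operations, not which APIs are reachable: Phobos' `std.file` functions are themselves `@safe`, and any `@trusted` function the plug-in author writes is callable from `@safe` code. The host API `hostGreeting` and the `-forceSafe` flag are hypothetical.

```d
// Added example (not from the post): a plug-in written entirely in @safe D
// that still reaches the file system. @safe forbids memory-unsafe operations
// (raw pointer arithmetic, unchecked casts, unions with pointers, ...); it
// does not limit which APIs may be called. std.file.write/readText/remove are
// themselves @safe, and any @trusted function is callable from @safe code.
module plugin_demo;

import std.file : write, readText, tempDir, remove, exists;
import std.path : buildPath;
import std.stdio : writeln;

// Hypothetical host API: the only interface a host would like plug-ins to
// use. Nothing in @safe forces the plug-in to go through it.
@safe string hostGreeting(string name) { return "hello, " ~ name; }

// A @safe plug-in entry point that ignores the host API and touches the
// file system directly. The compiler accepts this under @safe.
@safe string pluginEntry()
{
    auto path = buildPath(tempDir(), "safe_plugin_demo.txt");
    write(path, "written from @safe code\n");   // std.file.write is @safe
    scope(exit) if (exists(path)) remove(path); // clean up the constructed file
    return readText(path);
}

// A plug-in author can also mark a function @trusted, which the compiler
// takes on faith and which may call anything (C FFI, inline asm, ...).
// A -forceSafe flag that did not also reject @trusted would be bypassed here.
@trusted string escapeHatch()
{
    import core.stdc.stdlib : getenv;
    import std.string : fromStringz;
    auto home = getenv("HOME");             // @system C call, hidden behind @trusted
    return home is null ? "" : home.fromStringz.idup;
}

void main()
{
    writeln(hostGreeting("plug-in"));
    writeln(pluginEntry());
    writeln(escapeHatch());
}
```

The practical consequence is that a capability boundary for untrusted plug-ins has to come from the process or OS layer (a separate process, seccomp/AppContainer-style sandboxing, or a restricted linker whitelist of callable symbols), with `@safe` adding memory safety on top rather than replacing it.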