Question and proposal: Can D be used to compile and run untrusted plug-ins?

Paul Backus snarwin at
Sat Dec 4 14:18:39 UTC 2021

On Saturday, 4 December 2021 at 14:08:16 UTC, Moamen Abdelsattar 
> On Saturday, 4 December 2021 at 13:53:43 UTC, Adam D Ruppe 
> wrote:
>> You can also mark functions @trusted, which allows all 
>> operations inside but pretends to be safe from the outside.
> Yeah but I'm assuming the compiler will force every function 
> written by the user to be `@safe`, so the user can't mark any 
> code `@trusted`, only the API can.

Even if the compiler could do this, it would not protect you from 
malicious code in a DLL, because an attacker could simply provide 
their own malicious DLL that was created using a different 

To really protect against this threat, you would have to do 
something like embed the compiler in the host application, load 
the plugin as source code, compile it with the embedded compiler, 
and then load the resulting DLL.

Of course, if you're going to all that trouble, you may be better 
off embedding an interpreter for a scripting language like Lua, 
which is designed for this kind of use-case.

More information about the Digitalmars-d mailing list