Question and proposal: Can D be used to compile and run untrusted plug-ins?
ManKey
mensikovk817 at gmail.com
Tue Dec 7 18:56:27 UTC 2021
On Saturday, 4 December 2021 at 11:33:21 UTC, Moamen Abdelsattar
wrote:
> Now the plug-in can access all system calls and can do
> something malicious, but what if the plug-in is written in D
> and we have something like `-forceSafe` compiler flag (which is
> the proposal) that will force every function written by the
> user to be `@safe`. Now, the user can only import the
> application's API and use it to perform functions and can't
> access the system directly. Is that true?
You can use pure attribute. But it will still be by `cast` to
break it
More information about the Digitalmars-d
mailing list