ctrl+c and destructors

[Paulo Pinto]

On 04.10.2013 00:38, Walter Bright wrote:
> On 10/3/2013 2:15 PM, nazriel wrote:
>> Music player (as example) do not kill people if they fail.
>> Aborting whole music player just because Visualisation plugin had access
>> violation is pointless.
>
> How does the music player know the fault is in the plugin and it could
> be safely continued?
>
> It doesn't. It cannot. With a shared address space, it could be anywhere.
>
>
>> You can't put every use case into the same bag...
>
> I doubt the users would be pleased if continuing running the program
> resulted in further corruption of the system, including the user's data.
> Yes, and I've used music players that did that. It sux having to rebuild
> the music database from backups every time. It doesn't make me think
> kindly of the player's developers.
>
> A properly designed system with user-supplied plugins that needed to
> recover from plugin failure would put those plugins in a separate
> process space, so when they crash they cannot affect the rest of the
> system. Any other scheme is just a bad design, although it may be
> convenient from a developer cost standpoint to write it that way.
>
> And lastly, such badly designed plugin systems are rich vectors for
> people to insert malware into your system. See ActiveX for an example.


This is actually one of the reasons Go guys are so opinated against 
dynamic linking.

I used to complain about it on gonuts forums, but eventually came to 
realize, that I was a bit spoiled by dynamic loading for plugins and the 
old UNIX model of processes for plugins is what makes more sense from 
the security point of view.

And it is the trend we are seeing nowadays with the integration of 
micro-kernel techniques in mainstream OSs.

Gatekeeper in Mac OS X/iOS, user space drivers in Windows, FF and Chrome 
plugin APIs, ...

Plugins as dynamic libraries open the door for great customizations, but
they open the door for possible instability of the host application and
security exploits.

--
Paulo