Question and proposal: Can D be used to compile and run untrusted plug-ins?
Paul Backus
snarwin at gmail.com
Sat Dec 4 14:18:39 UTC 2021
On Saturday, 4 December 2021 at 14:08:16 UTC, Moamen Abdelsattar
wrote:
> On Saturday, 4 December 2021 at 13:53:43 UTC, Adam D Ruppe
> wrote:
>> You can also mark functions @trusted, which allows all
>> operations inside but pretends to be safe from the outside.
>
> Yeah but I'm assuming the compiler will force every function
> written by the user to be `@safe`, so the user can't mark any
> code `@trusted`, only the API can.
Even if the compiler could do this, it would not protect you from
malicious code in a DLL, because an attacker could simply provide
their own malicious DLL that was created using a different
compiler.
To really protect against this threat, you would have to do
something like embed the compiler in the host application, load
the plugin as source code, compile it with the embedded compiler,
and then load the resulting DLL.
Of course, if you're going to all that trouble, you may be better
off embedding an interpreter for a scripting language like Lua,
which is designed for this kind of use-case.
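As an added illustration (not code from the thread or from any of the posters), the D snippet below shows the gap being discussed: a `@trusted` function is free to do unchecked work while presenting a `@safe` signature, and once the plugin reaches the host as a compiled symbol nothing about its body or the compiler that produced it is visible to the host. The module, function and alias names are invented for the example.

```d
// Added example, not code from the thread. It shows why requiring @safe on
// plugin entry points cannot be enforced once the plugin arrives as a compiled
// library: @trusted is allowed inside and is invisible to the host.
module plugin_demo;
import std.stdio : writeln;

// The interface the host publishes: every entry point must be @safe.
alias PluginEntry = extern(C) int function() @safe;

// Hypothetical plugin code. @trusted turns off the compiler's checks inside
// the function body while presenting a @safe signature to callers.
@trusted int unsafeInside()
{
    int[4] buf = [1, 2, 3, 4];
    int* p = buf.ptr;
    return *(p + 2); // raw pointer arithmetic: @safe would reject this, @trusted does not
}

// Type-checks as @safe because the only thing it calls is @trusted.
@safe int pluginMain()
{
    return unsafeInside(); // returns 3
}

// Exported entry point carrying the host's required @safe signature.
export extern(C) int plugin_entry() @safe
{
    return pluginMain();
}

// Host side (kept in the same module for brevity). The host receives only a
// symbol and assigns it to its @safe function pointer type; nothing about the
// callee's body, attributes or originating compiler is checked here.
@safe int hostCall()
{
    PluginEntry entry = &plugin_entry;
    return entry();
}

void main()
{
    writeln(hostCall()); // 3
}
```

This builds and runs with a plain `dmd plugin_demo.d`, with no warning that the plugin's body was unchecked. The defender's takeaway matches the reply above: `@safe` is a property of source the host compiled itself, so it only means something if the host controls the compile step (and, in that step, rejects `@trusted` and `@system` in plugin source and restricts what the plugin may import), or if the plugin is confined by something outside the language, such as a sandboxed interpreter or an OS-level sandbox.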