Objective-C插件架构安全(Mac,而不是iPhone) [英] Objective-C Plugin Architecture Security (Mac, not iPhone)
问题描述
我可能为Cocoa应用程序编写一个插件系统(Mac,而不是iPhone)。
I'm possibly writing a plugin system for a Cocoa application (Mac, not iPhone).
一个常见的方法是使每个插件成束,然后将包注入主应用程序。我关心这样做的安全隐患,因为包将完全访问Objective-C运行时。我特别担心一个插件可以访问处理注册和序列密钥的代码。
A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys.
我们正在考虑的另一个插件系统是基于分布式通知。基本上,每个插件将是一个单独的进程,它们将只通过分布式通知进行通信。
Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only.
有没有办法安全加载bundle(例如sandboxing)?如果没有,您是否看到使用分布式通知的任何问题?有没有其他插件架构会更好?
Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?
推荐答案
是的,OS X有沙箱支持在每个进程级别。我知道的唯一开源的第三方客户是 Chrome 。您还可以调查 Native Client 等包装器。
Yes, OS X has sandboxing support on a per-process level. The only open-source third-party client I'm aware of is Chrome. You could also investigate a wrapper such as Native Client.
也就是说,除非您通过网络加载不受信任的插件或内容(即Web浏览器),否则尝试使用沙箱插件是没有意义的。如果有人想在本地破解您的应用程序,他们只能使用调试器,DTrace等。
That said, there's really no point in trying to sandbox plugins for security reasons, unless you're loading untrusted plugins or content over the network (i.e. a web browser). If someone wants to crack your application locally, they can just use a debugger, DTrace, etc.
您在应用程序和插件进程之间使用什么IPC机制真正取决于你正在做的通信类型。 Intermachine分布式对象(我假设这是你打算写的)对于大多数目的来说肯定不是一个坏的选择,但是你不想通过它发送视频。您可以查看 CoreIPC ,其中欠发展 WebKit2 使用;它在马赫端口工作。
What IPC mechanism you use between your app and plugin processes really depends on the type of communication you're doing. Intermachine Distributed Objects (I assume that's what you meant to write) is certainly not a bad choice for most purposes, but you wouldn't want to send video over it. You might check out CoreIPC, which the under-development WebKit2 uses; it works over Mach ports.
这篇关于Objective-C插件架构安全(Mac,而不是iPhone)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
