Objective-C Plugin Architecture Security (Mac, not iPhone)


Question

I'm possibly writing a plugin system for a Cocoa application (Mac, not iPhone).

A common approach is to make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys.

Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only.

Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

Recommended answer

Yes, OS X has sandboxing support (http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man7/sandbox.7.html#//apple_ref/doc/man/7/sandbox) on a per-process level. The only open-source third-party client I'm aware of is Chrome (http://src.chromium.org/cgi-bin/gitweb.cgi?p=chromium.git;a=blob;f=chrome/common/sandbox_mac.mm). You could also investigate a wrapper such as Native Client.

That said, there's really no point in trying to sandbox plugins for security reasons, unless you're loading untrusted plugins or content over the network (i.e. a web browser). If someone wants to crack your application locally, they can just use a debugger, DTrace, etc.

What IPC mechanism you use between your app and plugin processes really depends on the type of communication you're doing. Intermachine Distributed Objects (I assume that's what you meant to write) is certainly not a bad choice for most purposes, but you wouldn't want to send video over it. You might check out CoreIPC, which the under-development WebKit2 uses; it works over Mach ports.
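
The per-process sandboxing mentioned in the answer, as an added example that is not part of the original question or answer: a hypothetical helper executable `plugin_host` enters a sandbox(7) named profile with `sandbox_init` before it loads the bundle, so the plugin's `+load` methods and initializers already run restricted, and in a separate address space from the main application's registration code. The profile choice (`kSBXProfileNoWrite`), the file name and the exit codes are assumptions.

```objective-c
// plugin_host.m -- hypothetical helper process that hosts exactly one plugin.
// Assumed build: clang -fobjc-arc -framework Foundation plugin_host.m -o plugin_host
#import <Foundation/Foundation.h>
#include <sandbox.h>   // sandbox_init(3); marked deprecated in later SDKs

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc != 2) {
            fprintf(stderr, "usage: %s /path/to/Plugin.bundle\n", argv[0]);
            return 64;
        }

        // Enter the sandbox BEFORE mapping any plugin code. NSBundle -load runs
        // the plugin's +load methods and static initializers, so sandboxing
        // afterwards would leave that code unrestricted. A read-capable profile
        // is chosen so the bundle can still be read from disk after this call.
        char *err = NULL;
        if (sandbox_init(kSBXProfileNoWrite, SANDBOX_NAMED, &err) != 0) {
            fprintf(stderr, "sandbox_init failed: %s\n", err ? err : "unknown");
            if (err) sandbox_free_error(err);
            return 70;   // fail closed: never load the plugin unsandboxed
        }

        NSString *path = [NSString stringWithUTF8String:argv[1]];
        NSBundle *bundle = path ? [NSBundle bundleWithPath:path] : nil;
        NSError *loadError = nil;
        if (bundle == nil || ![bundle loadAndReturnError:&loadError]) {
            NSLog(@"cannot load plugin at %s: %@", argv[1], loadError);
            return 66;
        }

        Class principal = [bundle principalClass];
        if (principal == Nil) {
            NSLog(@"plugin has no principal class");
            return 65;
        }

        // From here on the plugin runs inside this restricted process only.
        // The main application talks to it over whatever IPC channel it
        // chooses; none of the host's own classes are reachable through the
        // Objective-C runtime in this process.
        id plugin = [[principal alloc] init];
        NSLog(@"loaded %@ inside sandbox", NSStringFromClass([plugin class]));
        [[NSRunLoop currentRunLoop] run];
    }
    return 0;
}
```

A sandbox entered this way cannot be left again for the lifetime of the process, which is why the helper exits instead of continuing when `sandbox_init` fails.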
