Objective-C plugin architecture security (Mac, not iPhone)

Problem description

I'm possibly writing a plugin system for a Cocoa application (Mac, not iPhone).

A common approach is to make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys.

Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only.

Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

Recommended answer

Yes, OS X has sandboxing support on a per-process level. The only open-source third-party client I'm aware of is Chrome. You could also investigate a wrapper such as Native Client.

That said, there's really no point in trying to sandbox plugins for security reasons, unless you're loading untrusted plugins or content over the network (i.e. a web browser). If someone wants to crack your application locally, they can just use a debugger, DTrace, etc.

What IPC mechanism you use between your app and plugin processes really depends on the type of communication you're doing. Intermachine Distributed Objects (I assume that's what you meant to write) is certainly not a bad choice for most purposes, but you wouldn't want to send video over it. You might check out CoreIPC, which the under-development WebKit2 uses; it works over Mach ports.
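
The separate-process layout discussed in the question and answer, as an added example that is not part of the original post: the host serves plugin requests over a socket from an allow-list, so registration and serial-key code is never reachable from plugin code. The request names and function names are hypothetical, and the forked child stands in for a separately launched plugin executable.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Hypothetical requests the host will serve; licensing is deliberately absent. */
static const char *const ALLOWED[] = { "GET_TITLE", "GET_SELECTION" };

/* Host side: treat the request as untrusted bytes and answer from the allow-list. */
static void host_serve(int fd) {
    char req[64] = {0};
    ssize_t n = read(fd, req, sizeof req - 1);   /* bounded, stays NUL-terminated */
    const char *reply = "DENIED";
    for (size_t i = 0; n > 0 && i < sizeof ALLOWED / sizeof *ALLOWED; i++)
        if (strcmp(req, ALLOWED[i]) == 0) reply = "OK";
    write(fd, reply, strlen(reply));
}

/* Plugin side: runs in the child process and only ever talks to the socket. */
static void plugin_main(int fd, const char *request) {
    char reply[16] = {0};
    write(fd, request, strlen(request));         /* one short message per request */
    ssize_t n = read(fd, reply, sizeof reply - 1);
    _exit(n > 0 && strcmp(reply, "OK") == 0 ? 0 : 1);
}

/* Returns 0 if the host served the request, 1 if it refused, -1 on error. */
int run_plugin_request(const char *request) {
    int sv[2], status;
    if (!request || !*request) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); plugin_main(sv[1], request); }
    close(sv[1]);
    host_serve(sv[0]);
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("GET_TITLE -> %d\n", run_plugin_request("GET_TITLE"));
    printf("GET_SERIAL_KEY -> %d\n", run_plugin_request("GET_SERIAL_KEY"));
    return 0;
}
```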
