Objective-C Plugin Architecture Security (Mac, not iphone)

Posted by Tom Dalling on Stack Overflow See other posts from Stack Overflow or by Tom Dalling
Published on 2010-05-13T02:13:05Z Indexed on 2010/05/13 2:24 UTC
Read the original article Hit count: 374

Filed under:

objective-c

|

plugin

|

architecture

I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone).

A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys.

Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only.

Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

© Stack Overflow or respective owner

Related posts about objective-c

Blocking access to websites with objective-C / root privileges in objective-C

as seen on Stack Overflow - Search for 'Stack Overflow'
I am writing a program in Objective-C (XCode 3.2, on Snow Leopard) that is capable of either selectively blocking certain sites for a duration or only allow certain sites (and thus block all others) for a duration. The reasoning behind this program is rather simple. I tend to get distracted when I… >>> More
Objective-C with some Objective-C++, calling a normal c++ method "referenced from" problem

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I made an Objective-C project for the iPhone. I had only one cpp class, the soundEngine taken from some Apple demo. Now I'm trying to merge OpenFeint which is coded in Objective-C++. As soon as I drop in the code without even referring to it from my code, when I hit Build, my Objective-C code… >>> More
Add an objective @property attribute in objective-c

as seen on Stack Overflow - Search for 'Stack Overflow'
Does anyone know of a way to add additional attribute types to the @property keyword without modifying the compiler? Or can anyone think of another way to genericize getter/setter creation? Basically, I have a lot of cases in a recent project where it's handy for objects to lazily instantiate their… >>> More
ObjectiveC Syntax for Specifying Protocol Name in Method Argument

as seen on Stack Overflow - Search for 'Stack Overflow'
What's the ObjectiveC syntax for specifying a protocol as an argument in a method? Say I have 2 protocols, MyProtocol and MyProtocolCB: @protocol MyProtocolCB <NSObject> - (void) func; @end @protocol MyProtocol <NSObject> - (void) register:(MyProtocolCB*) cb; @end I'm receiving this… >>> More
ObjectiveC builtin template system ?

as seen on Stack Overflow - Search for 'Stack Overflow'
I am developing an iPhone application and I use HTML to display formatted text. I often display the same webpage, but with a different content. I would like to use a template HTML file, and then fill it with my diffent values. I wonder if ObjectiveC has a template system similar to ERB in Ruby. That… >>> More

Related posts about plugin

Unity completely broken after upgrade to 12.10?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am facing a very frustrating issue with my computer right now. I successfully upgraded to Ubuntu 12.10 this afternoon, but after the upgrade, the graphical user interface seems completely broken. To be more specific, I can not get the Unity bar to appear on the right. I have tried many things,… >>> More
Ubuntu 13.10 unity won't load from this morning

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I turned on my pc this morning and unity will not load at all. I have tried loading it manually using ctrl+alt+f1 and all i got from it was the following:- compiz (core) - Info: Loading plugin: core compiz (core) - Info: Starting plugin: core compiz (core) - Info: Loading plugin: ccp compiz (core)… >>> More
Unity not Working 14.04

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am using Ubuntu 14.04 LTS x64. I did a sudo apt-get upgrade yesterday and restarted my PC. Now my taskbar and panel are missing. When I try to restart Unity using unity --replace Then I get error: unity-panel-service stop/waiting compiz (core) - Info: Loading plugin: core compiz (core) - Info:… >>> More
MySQL Syslog Audit Plugin

as seen on Oracle Blogs - Search for 'Oracle Blogs'
This post shows the construction process of the Syslog Audit plugin that was presented at MySQL Connect 2012. It is based on an environment that has the appropriate development tools enabled including gcc,g++ and cmake. It also assumes you have downloaded the MySQL source code (5.5.16 or higher) and… >>> More
Why does this Maven command produce a LifecycleExecutionException?

as seen on Stack Overflow - Search for 'Stack Overflow'
COMMAND: mvn org.apache.maven.plugins:maven-archetype-plugin:2.0-alpha-4:generate \ -DarchetypeGroupId=org.beardedgeeks \ -DarchetypeArtifactId=gae-eclipse-maven-archetype \ -DarchetypeVersion=1.1.2 \ -DarchetypeRepository=http://beardedgeeks.googlecode.com/svn/repository/releases ERROR: +… >>> More