Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Security related with plugins loader #281

Open
langyo opened this issue Mar 1, 2024 · 1 comment
Open

[Security] Security related with plugins loader #281

langyo opened this issue Mar 1, 2024 · 1 comment
Labels
enhancement New feature or request security Related to security tracking This issue is tracking by another issue

Comments

@langyo
Copy link
Contributor

langyo commented Mar 1, 2024

  • 执行前对插件的哈希校验,防止篡改
  • 插件通信SDK能自动与宿主程序进行加密通信,具体实现为:
    • 插件启动时传入握手公钥
    • 插件启动时SDK自动解析公钥,并向对应管道通信并发送插件临时公钥,交换得到双方临时公钥
    • 插件与宿主的通信全程以该临时密钥对通信
  • 严格控制插件的执行等级,需要 UAC 权限进行操作的插件必须提前向宿主申请
@langyo langyo added the enhancement New feature or request label Mar 1, 2024
@Dynesshely Dynesshely added the security Related to security label Mar 2, 2024
@Dynesshely Dynesshely changed the title [备忘] 为插件加载器增加一批安全设施 [Security] Security related with plugins loader Mar 2, 2024
@Dynesshely Dynesshely mentioned this issue Mar 2, 2024
Open
1 task
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 2, 2024

Tracked by #282 .

@github-actions github-actions bot added the tracking This issue is tracking by another issue label Mar 2, 2024
@Dynesshely Dynesshely mentioned this issue Mar 2, 2024
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security Related to security tracking This issue is tracking by another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@langyo @Dynesshely