A requirement of the project I'm working on is being able to plug 3rd party functionality into my app while it is already running. These libraries will be provided by other colleagues in my team. I came up with the following:

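```cpp
// Signature every plugin's factory function must have.
typedef Foo*(*Creater)();
// resolveSomeHow stands for the platform lookup of the exported symbol.
Creater createFn = resolveSomeHow(dllName, "create");
Foo* pFoo = createFn();
```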

As a consequence, every library developer has to define a Foo* create() function:

```cpp
class Bar : public Foo {
};

// Exported with C linkage so the host can look it up by the plain name "create".
extern "C" __declspec(dllexport) Foo* create() {
    return new Bar();
}
```

The problem is, after the deployment, someone with a bad attitude can create a DLL with a Foo* create() function which returns a Foo instance with malicious code. How can I prevent this?

I'm looking for a solution which doesn't require me to depend on an encryption library or something like that. I'm aware that nothing can stop someone who is determined enough, but I just want it to be not that easy.

Murat Şeker
  • https://stackoverflow.com/questions/980170/how-to-create-a-lightweight-c-code-sandbox may be relevant. How is your app running? Does it have elevated permissions? This is one heck of a security hole. The OS may be able to stop anything not sophisticated from reaching disallowed memory, but if you want to stop things on your end this may require advanced memory management, such as sandboxing the module run within your program. That's why Google/Apple screen submitted applications before publishing them. Often you would put the responsibility on the end user for verifying (trusting) modules. – kabanus Nov 23 '17 at 14:12
  • You can not easily prevent this. – knivil Nov 23 '17 at 14:32
  • This is what code signing is designed for. Sign the DLLs that have been vetted as acceptable, and have the app check the signing before calling `create()`. Then you can skip unsigned DLLs. – Remy Lebeau Nov 23 '17 at 16:02
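
The signature check suggested in the comment above could look like this on Windows with `WinVerifyTrust`. This is an added example, not code from the original post; `isSignedByTrustedPublisher`, `createFromVettedPlugin` and the empty `Foo` stand-in are hypothetical names.

```cpp
#ifdef _WIN32
#include <windows.h>
#include <wintrust.h>
#include <softpub.h>
#pragma comment(lib, "wintrust")
#endif

struct Foo { virtual ~Foo() {} };   // stand-in for the question's interface (assumption)
typedef Foo* (*Creater)();

// True only if the file carries an Authenticode signature that chains to a trusted root.
bool isSignedByTrustedPublisher(const wchar_t* path) {
#ifdef _WIN32
    WINTRUST_FILE_INFO file = {};
    file.cbStruct = sizeof(file);
    file.pcwszFilePath = path;

    WINTRUST_DATA data = {};
    data.cbStruct = sizeof(data);
    data.dwUIChoice = WTD_UI_NONE;                    // never show a trust prompt
    data.fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN; // reject revoked certificates
    data.dwUnionChoice = WTD_CHOICE_FILE;
    data.pFile = &file;
    data.dwStateAction = WTD_STATEACTION_VERIFY;

    GUID policy = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    LONG status = WinVerifyTrust(NULL, &policy, &data);

    data.dwStateAction = WTD_STATEACTION_CLOSE;       // release the verification state
    WinVerifyTrust(NULL, &policy, &data);
    return status == ERROR_SUCCESS;
#else
    (void)path;
    return false;   // no Authenticode off Windows: fail closed
#endif
}

// Loads the DLL and calls create() only after the signature check passes.
Foo* createFromVettedPlugin(const wchar_t* path) {
    if (!isSignedByTrustedPublisher(path)) return nullptr;   // skip unsigned DLLs
#ifdef _WIN32
    HMODULE mod = LoadLibraryW(path);
    if (!mod) return nullptr;
    Creater createFn = reinterpret_cast<Creater>(GetProcAddress(mod, "create"));
    if (!createFn) { FreeLibrary(mod); return nullptr; }
    return createFn();
#else
    return nullptr;
#endif
}
```

`WinVerifyTrust` accepts any publisher whose certificate chains to a trusted root, so a real deployment would also compare the signer certificate against the team's own. The plugin directory should not be writable by ordinary users, otherwise the file can be replaced between the check and `LoadLibraryW`.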

1 Answer

You can add a function in each library to do a basic check using a pseudo-random generator, or whichever other equation you like.

The idea is quite simple: your app calls the function with a value and the library must answer with the next number in the sequence (or the result of running the equation with the number you sent).

Michaël Roy