What about a more generic security rule: allow/deny the use of external modules?

Then the VM could simply check this flag on an attempt to load ANY external module, be it a plugin or something else. Then it is safe to ship the VM with FFI built in, and you can even run the FFI tests, because the test functions will be sitting inside the VM and not in an external library. But once you try to make a call which requires loading a new dynamic library, you will have a primitive failure.

As you may know, in Windows, when you load a .dll, the OS calls a DllMain function. And there is a chance that it can do something evil, which may crash the VM, and your sandbox is no longer a sandbox :)

--
Best regards,
Igor Stasenko AKA sig.
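
The flag check proposed in the message above, sketched as an added example that is not part of the original post and not the Pharo VM's own code. All names (vm_lookup, vm_deny_external_modules, the os_resolver hook and its stub) are hypothetical, and the one-way latch is an assumption; the point shown is that the check sits in front of the load call, since the library's DllMain runs during the load itself.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this is not the Pharo VM's API. */
typedef int (*prim_fn)(void);
/* Platform hook that loads a library and resolves a symbol in it. */
typedef prim_fn (*os_resolver)(const char *module, const char *name);
enum { LOAD_OK = 0, LOAD_DENIED = -1, LOAD_NOT_FOUND = -2 };

static int ffi_test_answer(void) { return 42; } /* FFI test built into the VM */
/* Modules linked into the VM binary: resolving them loads no new code. */
static const struct { const char *module, *name; prim_fn fn; } builtins[] = {
    { "FFITests", "ffiTestAnswer", ffi_test_answer },
};

static int allow_external = 1; /* the allow/deny flag */
static int os_load_calls = 0;  /* load attempts that reached the OS */
/* One-way latch (assumption): nothing re-enables loading once denied. */
void vm_deny_external_modules(void) { allow_external = 0; }

/* Constructed stand-in for the OS loader. A real one runs the library's
   initialiser (DllMain on Windows) during this call. */
static prim_fn stub_resolver(const char *module, const char *name)
{ (void)module; (void)name; os_load_calls++; return NULL; }

/* Single choke point for plugins, FFI libraries and anything else. */
int vm_lookup(const char *module, const char *name, os_resolver load, prim_fn *out)
{
    for (size_t i = 0; i < sizeof builtins / sizeof builtins[0]; i++)
        if (!strcmp(builtins[i].module, module) && !strcmp(builtins[i].name, name)) {
            *out = builtins[i].fn;
            return LOAD_OK;
        }
    if (!allow_external) /* checked BEFORE the load, so no foreign code runs */
        return LOAD_DENIED; /* surfaces as a primitive failure */
    prim_fn fn = load(module, name);
    if (fn) *out = fn;
    return fn ? LOAD_OK : LOAD_NOT_FOUND;
}

int main(void)
{
    prim_fn fn = NULL;
    vm_deny_external_modules();
    int builtin = vm_lookup("FFITests", "ffiTestAnswer", stub_resolver, &fn);
    int external = vm_lookup("external.dll", "run", stub_resolver, &fn);
    printf("builtin=%d external=%d loads=%d\n", builtin, external, os_load_calls);
}
```

With the flag denied, the built-in FFI test function still resolves while the external request fails without the loader hook ever being called.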
