issues
search
Crequency
/
KitX
An all-purpose toolbox app that connect everything.
https://kitx.apps.crequency.com
GNU Affero General Public License v3.0
1.17k
stars
49
forks
source link
[Security] Security related with plugins loader
#281
Open
langyo
opened
7 months ago
langyo
commented
7 months ago
执行前对插件的哈希校验,防止篡改
插件通信SDK能自动与宿主程序进行加密通信,具体实现为:
插件启动时传入握手公钥
插件启动时SDK自动解析公钥,并向对应管道通信并发送插件临时公钥,交换得到双方临时公钥
插件与宿主的通信全程以该临时密钥对通信
严格控制插件的执行等级,需要 UAC 权限进行操作的插件必须提前向宿主申请
github-actions[bot]
commented
7 months ago
Tracked by #282 .