Permitted call hooks are execution hooks that run in an executeFromPlugin or executeFromPluginExternal context that are tied to an execution function and the calling plugin. It was originally introduced to enable running of different hooks based on the calling plugin when plugins perform actions via the account. Later, its use expanded to injected hooks provided during plugin installation, which protect the account at the same time the new plugin is installed, as opposed to installing the plugin first and then applying protective hooks to secure the account later (which introduces a window for potential exploits if the installed plugin is malicious).
Permitted call hooks add an additional component to the spec, and its use with injected hooks increases complexity in the plugin install/uninstall process. This proposal seeks to remove permitted call hooks.
Enabling running of different hooks based on the calling plugin can already be done via plain execution hooks, by having the hook-providing plugin implement the switching logic within its hook function. The minor downside here is that these hooks will still run (albeit early return) for non-matching calls.
To replace the injected hooks behavior, one can install a plugin that preemptively applies hooks to execution functions that will be installed later. This way, the protections are already in place by the time the relevant plugin is installed. The tradeoff here is that this is a bit less flexible since the hook-providing plugin must know ahead of time which execution functions to apply hooks to (shared via its plugin manifest), instead of the user being able to configure this at time of installation.
jaypaik
commented
6 months ago
Permitted call hooks are execution hooks that run in an
executeFromPluginorexecuteFromPluginExternalcontext that are tied to an execution function and the calling plugin. It was originally introduced to enable running of different hooks based on the calling plugin when plugins perform actions via the account. Later, its use expanded to injected hooks provided during plugin installation, which protect the account at the same time the new plugin is installed, as opposed to installing the plugin first and then applying protective hooks to secure the account later (which introduces a window for potential exploits if the installed plugin is malicious).Permitted call hooks add an additional component to the spec, and its use with injected hooks increases complexity in the plugin install/uninstall process. This proposal seeks to remove permitted call hooks.