You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the spec supports dependencies and injected hooks. These address two problems with using plugin manifests alone:
Dependencies address “plugin incompatibilities”, where a plugin needs external functionality that it doesn’t want to hard-code. Right now this is only used for providing owner/root validation functions for sensitive plugin functions.
Injected hooks address “plugin permissions” by providing a way to apply protective checks to plugins as they’re installed, providing guard rails that “limit the blast radius” of malicious plugins. This can’t be done via regular plugin hooks for 2 reasons:
Manifests must be static in their contents, which means you would need a different manifest to apply a “permission” hook to different plugins. And since manifests are static, this means re-compiling the permissions plugin for each other plugin it is providing checks for.
Hooks must be applied after the plugin is installed, and unfortunately onInstall would allow a malicious plugin to perform actions before its permissions plugin is installed.
These are very opinionated usages, and the specifics of how they are used bleeds into the standard itself. If we can generalize “user supplied install configs” as a mechanism to supplement or override manifest fields, we can reduce spec complexity.
The text was updated successfully, but these errors were encountered:
onInstall
would allow a malicious plugin to perform actions before its permissions plugin is installed.The text was updated successfully, but these errors were encountered: