I have such piece of code:
namespace NetHacking
{
interface IPlugin
{
void Execute(PluginData data);
}
public class PluginData
{
private readonly string ConstString = "Const data";
public void Print()
{
Console.WriteLine(ConstString);
}
}
[StructLayout(LayoutKind.Explicit)]
class ExternalPlugin : IPlugin
{
internal class PluginHack
{
public string Text;
}
[FieldOffset(0)]
private PluginData _original;
[FieldOffset(0)]
private PluginHack _hack;
public void Execute(PluginData data)
{
_original = data;
_hack.Text = "Hacking .NET";
}
}
class Program
{
static void Main(string[] args)
{
try
{
var data = new PluginData();
var plugin = CreatePlugin();
plugin.Execute(data);
data.Print();
}
catch (Exception)
{
Console.WriteLine("Error!");
}
Console.WriteLine("End");
Console.Read();
}
private static IPlugin CreatePlugin()
{
return new ExternalPlugin();
}
}}
In the example above PluginData data contains readonly string ConstString string. In theory PluginData passed to Execute method in IPlugin should be used to initialize plugin. Unfortunately ExternalPlugin can overriding ConstString externally.
Is there a way to protect against that ?
If you want to protect yourself against malicious plugins tampering with your application you should run them in their own AppDomain with limited permissions and communicate with the plugin via a well-defined interface. Do not give direct access to your program state to the plugin. Of course the plugin will still be able to modify its own copy of any data you send it, but your copy of the data will not be affected.