Security and the well constructed Qt plugin
I’m building an application using plugins. I believe you could build a malicious plugin, copy it into the correct directory, and my main program would happily run it. I’d like the main program to be smart enough to detect unauthorized plugins and reject them. An encrypted signature and a hash on the binary content of each plugin would work well. Has anyone done anything toward this goal? Or a cross platform library for generating signatures for shared libraries?
I’m aware of how windows does signs executables. Linux not so much. I don’t need Mac compatibility.
Thanks for your time!