The current approach toward plug-in scanning is to try to load the plug-in into the host and then mark it as OK.
When it encounters a nasty plug-in, the host leaves for the plug-in host’s heaven.
My question is, why wouldn't the scanning be done this way:
For each plug-in:
- Create a new process that gets the plug-in location and tries to load it.
- Once loaded, the new process will white-list this plug-in (pipes, white-list file, …) and exit.
- If the new process still exists after a predefined timeout, kill it and ban the plug-in.
It will probably slow down scanning, but the host will live to see another day.
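One way to build the probe-per-plug-in scanner described above, as an added example that is not code from the original post or from any particular host. It is Python rather than the host's native code, and the "plug-ins" are constructed Python module files standing in for native plug-in binaries; a real child would dlopen()/LoadLibrary() the binary instead of importing a module. The names `probe_plugin`, `scan`, `Verdict`, the whitelist and ban-list file layout, and the sample plug-ins are all assumptions made for the example. The crasher sample dereferences a null pointer through ctypes so the child really dies of a fault, the hanger sleeps past the timeout, and only the good one reaches the white-list.

```python
"""Out-of-process plug-in probing: one throwaway child per plug-in.

The scanner never loads a plug-in into its own address space. Each
candidate is loaded by a fresh child; the child exits 0 only if the load
completed. A non-zero exit or signal death means "crashed", and a child
that is still alive after the timeout is killed and the plug-in banned.
"""
import os
import subprocess
import sys
import tempfile
import textwrap
from enum import Enum


class Verdict(Enum):
    OK = "ok"                # child loaded the plug-in and exited cleanly
    CRASHED = "crashed"      # child died (non-zero exit or fatal signal)
    TIMED_OUT = "timed_out"  # child still alive at the deadline; killed


# Child-side loader. In a native host this is where dlopen()/LoadLibrary()
# would run; here the plug-in is a Python module file (constructed stand-in).
_PROBE_SRC = textwrap.dedent("""
    import importlib.util, sys
    path = sys.argv[1]
    spec = importlib.util.spec_from_file_location("probed_plugin", path)
    mod = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(mod)  # "load" the plug-in: runs its init code
    sys.exit(0)                   # reached only if loading did not kill or hang us
""")


def probe_plugin(path, timeout=2.0):
    """Load one plug-in in a child process and return a Verdict.

    Nothing the plug-in does during load can take the scanner down: a
    fault kills only the child, and a hang is bounded by `timeout`.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _PROBE_SRC, path],
            timeout=timeout,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() kills the child and reaps it before raising.
        return Verdict.TIMED_OUT
    return Verdict.OK if proc.returncode == 0 else Verdict.CRASHED


def scan(paths, whitelist_file, banlist_file, timeout=2.0):
    """Probe every plug-in; record survivors and casualties in plain text files."""
    results = {}
    with open(whitelist_file, "a") as ok, open(banlist_file, "a") as bad:
        for path in paths:
            verdict = probe_plugin(path, timeout)
            results[path] = verdict
            target = ok if verdict is Verdict.OK else bad
            target.write(f"{path}\t{verdict.value}\n")
    return results


# Constructed sample "plug-ins": one well behaved, one that faults on load,
# one that never returns from its initialisation.
SAMPLE_PLUGINS = {
    "good.py": "VERSION = 1\n",
    # Read from address 0: a real segfault / access violation in the child.
    "crasher.py": "import ctypes\nctypes.string_at(0)\n",
    "hanger.py": "import time\ntime.sleep(60)\n",
}


def write_sample_plugins(directory):
    """Materialise SAMPLE_PLUGINS as files and return their paths."""
    paths = []
    for name, src in SAMPLE_PLUGINS.items():
        path = os.path.join(directory, name)
        with open(path, "w") as f:
            f.write(src)
        paths.append(path)
    return paths


def demo(timeout=1.0):
    """Scan the constructed samples; map file name -> verdict string."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = write_sample_plugins(tmp)
        results = scan(paths, os.path.join(tmp, "whitelist.txt"),
                       os.path.join(tmp, "banned.txt"), timeout)
        return {os.path.basename(p): v.value for p, v in results.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Two caveats a host would need on top of this: the probe child must match the host's architecture and runtime (a 32-bit plug-in that fails to load in a 64-bit probe proves nothing), and surviving the load only clears the plug-in for loading; a plug-in that misbehaves later, when called, still needs its own isolation or crash handling.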