As a Java developer, I see many Remote Code Execution security issues because Java can load any remote code at runtime thanks to its class loader.
When I first looked at Rust, I was confused not to see the dynamic code loading feature that I thought was cool. Now I consider that not having this feature by default is great in terms of security.
What do you think?
Although I do agree that the culture around this kind of thing in Java-land is why we got the log4j disaster, I do think a middle ground would be useful. Every time someone has posted a question asking what tutorials people think are missing, something for plugins is mentioned.
I saw some people try to set up something for plugin design, but this is not standard. Maybe the default behavior should be no dynamic import, and enable it with an environment variable like RUST_ENABLE_RUNTIME_DYN_LOAD, with added security features like remote execution on or off, plugin signature verification, etc.
I think there are two independent questions here.
Is it a good idea to use dynamic code loading in a complete program? Sometimes it is. Well, the whole .so thing is, in some sense, about this - as a part of a "plugin system", or for deduplication of common code (as it's done with very widely used libraries, such as glibc), or probably for some other cases.
Is it a good idea to bake dynamic code loading into the language itself, as it is done in Java? I'd say that for any language which compiles down to native code (as opposed to Java-like bytecode), the answer is always "no". Dynamic code loading is hard, and doing it safely, efficiently and universally is even harder. So, we might want to have some de-facto standard tools for that (such as libloading), but the ultimate decision on when and how the code must be loaded and how one can check the correctness of the operation is better left for the programmer, not for the language designer.
For bytecode-compiled (or interpreted) languages - well, that's another story, since the bytecode itself could provide some universal way for dynamic loading, which is impossible with assembly alone.
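As an added example (not code from the thread), here is a std-only Rust admission check that puts the "off by default, explicit opt-in" switch proposed earlier in the thread, plus the file hygiene checks a careful programmer would do, in front of whatever loader (libloading, for instance) actually performs the dlopen. The variable name MYAPP_ENABLE_PLUGINS and the function names are invented here; a production version would also verify a signature over the file bytes, which needs a crypto crate and is left out.

```rust
use std::fs;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

/// Opt-in switch; the variable name is a placeholder invented for this example.
pub const OPT_IN_VAR: &str = "MYAPP_ENABLE_PLUGINS";
#[derive(Debug, PartialEq)]
pub enum Rejection {
    LoadingDisabled,
    OutsidePluginDir,
    NotRegularFile,
    OwnerMismatch,
    GroupOrWorldWritable,
}

/// Decide whether `requested` may be handed to the dynamic loader. `opt_in` is
/// the value of OPT_IN_VAR, passed in so the policy is testable without the env.
pub fn admit_plugin(opt_in: Option<&str>, plugin_dir: &Path, requested: &Path)
    -> Result<PathBuf, Rejection> {
    // 1. Off by default: refuse unless the operator explicitly enabled loading.
    if opt_in != Some("1") {
        return Err(Rejection::LoadingDisabled);
    }
    // 2. Resolve symlinks and ".." on both sides, then confine the plugin to
    //    the trusted directory so a crafted path cannot point elsewhere.
    let dir = plugin_dir.canonicalize().map_err(|_| Rejection::OutsidePluginDir)?;
    let path = requested.canonicalize().map_err(|_| Rejection::OutsidePluginDir)?;
    if !path.starts_with(&dir) {
        return Err(Rejection::OutsidePluginDir);
    }
    // 3. Only a regular file, owned by whoever owns the plugin directory, with
    //    neither file nor directory writable by group or others.
    let dir_meta = fs::metadata(&dir).map_err(|_| Rejection::OutsidePluginDir)?;
    let meta = fs::metadata(&path).map_err(|_| Rejection::NotRegularFile)?;
    if !meta.is_file() {
        return Err(Rejection::NotRegularFile);
    }
    if meta.uid() != dir_meta.uid() {
        return Err(Rejection::OwnerMismatch);
    }
    if (meta.mode() | dir_meta.mode()) & 0o022 != 0 {
        return Err(Rejection::GroupOrWorldWritable);
    }
    Ok(path)
}

/// Same policy, with the switch read from the real process environment.
pub fn admit_plugin_from_env(dir: &Path, req: &Path) -> Result<PathBuf, Rejection> {
    admit_plugin(std::env::var(OPT_IN_VAR).ok().as_deref(), dir, req)
}
```

The returned canonical path is the only thing that should ever reach the loader; anything else is rejected before any foreign code is mapped.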