Hi all,
Extension A receives an access token and needs to hand it to extension B,
which publishes a handler function via a rendezvous variable
(find_rendezvous_variable).
Since rendezvous variables are just a global, name-keyed void * with no
notion of who populated the slot, is it safe to pass a sensitive value (the
token) this way? My worry is that another loaded module could register the
same name and receive the token instead of the intended extension B.
Is there a supported way to verify the publisher of a rendezvous variable,
or is there a better way to do this? Any prior art would help.
Thanks.