Adrienne Felt wrote:
>> I think Brendan had some ideas based on tainting to make something 
>> like your approach work....
> 
> Hmm, I'm not familiar with this...do you know anything more?

http://wiki.mozilla.org/Mozilla_2 has a brief mention.  He gave a talk on this 
once, and the slides might be available.  Not sure.

The goal there was to do security checks not on all (read) access, but only on 
attempts to send the data somewhere.

> In order to enforce properties within a page, we'd need to do all of 
> these checks that currently aren't being done...

Yeah, and this would be a performance nightmare if just done for all property 
access.  Think order-of-magnitude slowdown as things stand...

> One way we could do it is to essentially "cut out" the untrusted div 
> content, put it in some kind of new temporary page, replace the cut out 
> code with an iframe reference to the new temp page, and then proceed 
> from there.

Perhaps, if the layout effects are OK from your point of view...

> we want the
> outer trusted content to be able to access the untrusted content in a 
> completely regular fashion.

Asymmetric security checks are even more difficult, to be honest.  And the 
access you describe could actually make the trusted content exploitable by the 
untrusted content...

-Boris
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
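
The tainting idea mentioned in the message above (check only when data is sent somewhere, not on every read), as an added toy model that is not from the thread or from Mozilla's code. The names `Labeled`, `combine`, `send` and `checksPerformed`, the origins and the sample values are all hypothetical and constructed for illustration.

```javascript
// Toy model of sink-only checking: values carry origin labels, reads and
// computation only propagate labels, and policy is enforced at the send sink.
// All names here are hypothetical; this is not a browser API.
class Labeled {
  constructor(value, origins) {
    this.value = value;
    this.origins = new Set(origins); // origins whose data influenced value
  }
}

// Reading or combining data never runs a security check; it only unions labels.
function combine(fn, ...inputs) {
  const origins = new Set();
  for (const i of inputs) {
    if (i instanceof Labeled) i.origins.forEach((o) => origins.add(o));
  }
  const raw = inputs.map((i) => (i instanceof Labeled ? i.value : i));
  return new Labeled(fn(...raw), origins);
}

let checksPerformed = 0;

// The only place a check happens: data may leave for destOrigin only if
// every origin that contributed to it is that same origin.
function send(destOrigin, data) {
  checksPerformed++;
  const origins = data instanceof Labeled ? [...data.origins] : [];
  const blocked = origins.filter((o) => o !== destOrigin);
  if (blocked.length > 0) {
    return { sent: false, reason: `carries data from ${blocked.join(", ")}` };
  }
  return { sent: true, payload: data instanceof Labeled ? data.value : data };
}

function demo() {
  // Constructed sample data for two origins sharing one page.
  const secret = new Labeled("session=abc123", ["https://trusted.example"]);
  const widgetId = new Labeled("w-42", ["https://widget.example"]);
  // Code may read and mix values freely; no checks run at this point.
  const mixed = combine((a, b) => `${b}:${a}`, secret, widgetId);
  return {
    mixedSend: send("https://widget.example", mixed),
    ownSend: send("https://widget.example", widgetId),
    checksPerformed,
  };
}
```

The derived value is refused at the sink because its label set still includes the trusted origin, while the number of checks equals the number of sends rather than the number of property reads.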
