On Wed, Nov 21, 2012 at 11:21 AM, Dave Mandelin <[email protected]> wrote:

> On Wednesday, November 21, 2012 11:14:18 AM UTC-8, Bobby Holley wrote:
> > I've pondered having the JSAPI methods automatically enter compartments,
> > but that's kind of sketchy.
>
> What's sketchy about it? I've thought about that before too, and it seemed
> like it would probably be OK, although APIs that take two compartment-owned
> values require something extra.
>

One issue is that it means that a series of JSAPI calls might involve a
dozen enter()/leave()s, rather than just one (had the caller appropriately
entered the right compartment). It would also involve wrapping return
values, which the caller might not want at all and might be slow.

But on a more general API level, it makes it easier to not know what you're
doing and have automatic behavior that you may not want. I'm obviously
coming at this from the perspective of somebody who understands this stuff
very well, and thinks that everyone using these APIs should understand it
too and have things crash predictably when they get it wrong.


> > Moreover, if such checks were acceptable performance-wise, then I think
> > we should just make compartment checking run on release builds (so that
> > we could just MOZ_CRASH safely, meaning compartment mismatches would
> > no longer be security bugs). Does anyone have a sense if that's in the
> > realm of the possible?
>
> The main question is if Firefox ends up crashing all over the place due
> to existing bugs or faulty addons. Someone would just have to try it out.
>

If we're crashing like that, I think crashing is way better than the
alternative of what's happening. If that's the only consideration I think
we should do this.
_______________________________________________
dev-tech-js-engine-internals mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals