There's a critical question which I'm afraid I've muddled up in this thread:
*is this analysis actually useful*? I have to admit, I got distracted by the
question of what it would take to get the patch in shape, and Nicholas's
suggestions that we implement it differently. I appreciate Brendan's putting
the question of the thing's *value* at the center of the discussion.
I have not used DOMinator; I have talked with Mark and Ivan, who asked me
for help, and watched the video.
Mark has mentioned using this to assess our own sites' vulnerability to
injection attacks and XSS attacks. Here the site developer is using it on
their own code. So, yes, it's looking for accidental leaks.
Mark also said something that I didn't understand about helping fuzzers
focus their efforts more effectively; if I haven't garbled that, it would be
nice to hear more about that.
I've asked Mark and Ivan to post something about their assessment of the
analysis.
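As an added illustration (not code from this thread, from SpiderMonkey, or from DOMinator), the toy label-propagating tracker below shows the simplification Jim refers to: explicit string flows carry the taint label to a sink, a sanitizer clears it, but a copy made through data-dependent branches (an implicit flow via the program counter) loses the label. The `Tainted` wrapper, the sink report and the sample input are all constructed here for the demonstration.

```javascript
// Toy taint tracker: a value plus a boolean label. Hypothetical helper, not a
// real engine API.
class Tainted {
  constructor(value, tainted) { this.value = value; this.tainted = tainted; }
}

// Source: user-controlled input is labelled tainted; literals are not.
function fromSource(str) { return new Tainted(str, true); }
function literal(str) { return new Tainted(str, false); }

// Explicit flow: the result is tainted if either operand is.
function concat(a, b) {
  return new Tainted(a.value + b.value, a.tainted || b.tainted);
}

// Sanitizer: escapes HTML metacharacters and clears the label.
function escapeHtml(t) {
  const s = t.value.replace(/&/g, "&amp;").replace(/</g, "&lt;")
                   .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
  return new Tainted(s, false);
}

// Implicit flow: rebuilds the input by branching on each character and
// appending an untainted literal. The output equals the input, but because
// this tracker does not taint the PC, the label is dropped. A PC-tainting
// analysis would keep it; in non-hostile code this pattern is rare.
function copyViaBranches(t) {
  let out = literal("");
  for (const ch of t.value) {
    for (let c = 32; c < 127; c++) {
      const cand = String.fromCharCode(c);
      if (ch === cand) out = concat(out, literal(cand)); // branch on tainted data
    }
  }
  return out;
}

// Sink check: reports instead of writing to the DOM so it is testable offline.
function sinkInnerHTML(t) { return { ok: !t.tainted, html: t.value }; }

// Constructed sample input standing in for a request parameter.
function demo() {
  const input = fromSource("<b>user</b>");
  return {
    direct: sinkInnerHTML(concat(literal("<p>"), input)).ok,             // false: caught
    escaped: sinkInnerHTML(concat(literal("<p>"), escapeHtml(input))).ok, // true: sanitized
    implicit: sinkInnerHTML(copyViaBranches(input)).ok,                  // true: missed
    implicitValue: copyViaBranches(input).value,
  };
}
```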
-----Original message-----
From: Brendan Eich <[email protected]>
To: Jim Blandy <[email protected]>
Cc: Nicholas Nethercote <[email protected]>, [email protected],
[email protected], Mark Goodwin
<[email protected]>, [email protected]
Sent: Sat, 10 Aug 2013 19:43:54 GMT+00:00
Subject: Re: [JS-internals] Taint analysis in SpiderMonkey
Jim Blandy wrote:
From what our security folks tell me, even taint analyses that
sometimes drop labels due to simplifications like failing to taint the
PC are still valuable. The code under analysis isn't hostile,
What's the threat model? Accidental leaks?
/be
_______________________________________________
dev-tech-js-engine-internals mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals