>From email on this thread and from private email I've received, I'm a bit worried that my earlier message was misunderstood. I agree that we're not going to secure JavaScript well enough to solve the covert channel problem. I stated so:
On Tue, Aug 31, 2010 at 9:32 PM, Mark S. Miller <erig...@google.com> wrote: > The example above is of a covert channel, in the sense that b.js *intends* > to send a signal that c.js can read. When b.js does not intend to signal, we > have a side channel rather than a covert channel. Preventing a covert > channel is generally much harder than preventing a side channel, so one > might argue that the addition of this covert channel doesn't matter much. > > But JavaScript currently doesn't have any side channels as juicy as this > one. If b.js is not intending to signal to c.js, but rather is just > innocently doing some internal data-dependent algorithmic task, how much can > c.js ascertain about b.js's internals by seeing which shared immutable > objects get dropped? Securing JavaScript is already hard enough as it is. > I'd rather not have to add to it the burden of trying to answer this very > hard question. > Although I illustrated the non-overt channel here as a covert channel in a possibly failed attempt at clarity, my real point and my real worry is about its use as a side channel. As a side channel, this ability to sense the collection of individual objects is much more informative than anything I know of in current JS. If anyone knows of any side channels that seem as bad, perhaps I've overlooked them, so please post. If they also seem unpluggable, then I would agree that my position here becomes pointless and we'd need to give on resisting side channels as well. (Fortunately, regarding the WeakMap enumerability question, we seem to have consensus to stick with non-enumerability on other grounds anyway. But this side channel question will reappear so we may as well understand the limits on how well we can resist them.) -- Cheers, --MarkM
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss