David Bruant wrote:

On 24/09/2012 10:04, Tom Van Cutsem wrote:
2012/9/24 David Bruant <[email protected]>

    On 23/09/2012 22:04, Herby Vojčík wrote:
    > Hello,
    >
    > maybe I missed something, but how will you secure the whitelist
    > itself? Malicious proxy knowing righteous one can steal its whitelist,
    > afaict.
    I'm sorry, I don't understand what you're saying here. Can you be more
    specific and provide an example of an attack?

    As far as I'm concerned, I consider the design secure, because it's
    possible to easily write code so that only a proxy (or its handler to
    be more accurate) has access to its whitelist and nothing else.

Ah, here was the confusion, the handler has the whitelist, so no attack possible. Sorry for false alarm.

Herby



Right. Perhaps what Herby meant is that the proxy might provide a
malicious whitelist to steal the names being looked up in them. This
will be prevented by requiring the whitelist to be a genuine, built-in
WeakSet. The proxy will use the built-in WeakSet.prototype.get method
to look up a name in that whitelist, so a proxy can't monkey-patch that
method to steal the name either.

True. I think a lot of that part depends on how WeakSet/Set are spec'ed.
It might be possible to accept proxies wrapping WeakSets (which is
likely to be helpful with membranes) and perform the check on the target
directly, bypassing the proxy traps. Or maybe consider the built-in
WeakSet.prototype.get method as a private named method on the weakset
instance and only call the unknownPrivateName trap.

David
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss
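
The point Tom and David discuss above, shown with today's JavaScript as an added example (not code from the thread or from any spec draft): looking a name up through a captured built-in instead of through the whitelist object's own method, including the proxy-wrapped WeakSet case David raises. Assumptions: the function names are hypothetical, the "private name" is a constructed plain object, and the current `WeakSet.prototype.has` stands in for the draft-era `WeakSet.prototype.get` named in the thread.

```javascript
// Added illustration; isWhitelistedNaive / isWhitelistedHardened are hypothetical names.
// Capture the built-in once, before any untrusted code can replace it.
const weakSetHas = Function.prototype.call.bind(WeakSet.prototype.has);

// Naive lookup: dispatches through the whitelist object itself, so whatever
// object was supplied as the whitelist receives the name as an argument.
function isWhitelistedNaive(whitelist, name) {
  return whitelist.has(name);
}

// Hardened lookup: calls the captured built-in directly. The built-in throws
// a TypeError unless `whitelist` is a genuine WeakSet (internal-slot check)
// and never runs code supplied along with the whitelist.
function isWhitelistedHardened(whitelist, name) {
  try {
    return weakSetHas(whitelist, name);
  } catch (e) {
    if (e instanceof TypeError) return false; // not a genuine WeakSet
    throw e;
  }
}

function demo() {
  const secretName = { description: 'constructed private name' };
  const observed = []; // everything seen by code supplied with a whitelist

  // Constructed look-alike whitelist that records each name it is asked about.
  const lookalike = { has(n) { observed.push(n); return true; } };
  // A genuine WeakSet whose own `has` property has been overridden.
  const patched = new WeakSet([secretName]);
  patched.has = function (n) { observed.push(n); return true; };
  // A proxy wrapping a genuine WeakSet (the membrane case).
  const wrapped = new Proxy(new WeakSet([secretName]), {
    get(t, k, r) { observed.push(k); return Reflect.get(t, k, r); },
  });

  isWhitelistedNaive(lookalike, secretName);
  const naiveLeaks = observed.length; // the look-alike saw the name
  observed.length = 0;
  const results = {
    lookalike: isWhitelistedHardened(lookalike, secretName),
    patched: isWhitelistedHardened(patched, secretName),
    wrapped: isWhitelistedHardened(wrapped, secretName),
  };
  return { naiveLeaks, hardenedLeaks: observed.length, results };
}
```

With the current built-in, the proxy-wrapped WeakSet is rejected without any trap firing, so accepting such wrappers would need the explicit spec support David describes.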
