Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Fritz Schneider
Excellent, thanks for the response -- very helpful. In this particular instance we want to pass content from the page into untrusted code, and then be able to have that code tell us a result (also a primitive type, e.g., a string serialization of a map or similar). Monica Chew (cc'd above) has im

Re: Security capabilities (enablePrivilege, etc)

2006-03-09 Thread Brendan Eich
Boris Zbarsky wrote: It looks like this list might actually work for security discussion, so here goes... ;) At the moment, our expanded-capability architecture suffers from four issues: At least four! 1) It's only possible to expand capabilities for a JS stack frame, not for a web page

Security capabilities (enablePrivilege, etc)

2006-03-09 Thread Boris Zbarsky
It looks like this list might actually work for security discussion, so here goes... ;) At the moment, our expanded-capability architecture suffers from four issues: 1) It's only possible to expand capabilities for a JS stack frame, not for a web page in general, unless one says to never ask

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Fritz Schneider
BTW, with respect to this statement:

> > This direction of access (untrusted is handed a "trusted" object by
> > trusted code) is not safe.

Is this due to bugs or policy? That is, in the absence of bugs in this area, would this direction be safe? And I suppose a logical followup would be: is the

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Fritz Schneider
> This direction of access (untrusted is handed a "trusted" object by
> trusted code) is not safe.

Then it sounds like it is the case that there is no possible way to safely expose an interface to code in a sandbox? I'm playing with some maybe-untrusted code in a sandbox, and was hoping to give it

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Boris Zbarsky
Brendan Eich wrote: bz and roc proposed the meet fix, we should do it. Boris, is a bug on file yet? Not that I'm aware of. And it's not really clear enough in my head to file one; certainly I'd prefer we get a hang of what security policy we're trying to enforce first... That's because of

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Boris Zbarsky
Fritz Schneider wrote: So -- sorry if this is harsh -- the security policy as documented on MDC is incorrect MDC doesn't have a security policy documented that I'm aware of. The XPCNativeWrapper docs document when wrappers are created. Nothing more, nothing less. A security policy would de

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Brendan Eich
Boris Zbarsky wrote: Fritz Schneider wrote: If I understand this correctly, if I give an unprotected script a reference to a trusted object, that script has full access to the object? There are some security checks, but they're done by XPConnect. Brendan or Blake might know more about whethe

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Fritz Schneider
So -- sorry if this is harsh -- the security policy as documented on MDC is incorrect, and the real security policy is folklore that even experienced developers (like Boris) have to guess at? Tell me it ain't so.

Re: references to trusted objects from untrusted contexts

2006-03-09 Thread Boris Zbarsky
Fritz Schneider wrote: If I understand this correctly, if I give an unprotected script a reference to a trusted object, that script has full access to the object? There are some security checks, but they're done by XPConnect. Brendan or Blake might know more about whether there are any JS eng