The Anthropic Side Channel (was: How would shallow generators compose with lambda?)

Maciej Stachowiak mjs at apple.com
Wed May 27 01:57:41 PDT 2009


On May 16, 2009, at 11:25 AM, Mark S. Miller wrote:

> On Fri, May 15, 2009 at 2:26 PM, Brendan Eich <brendan at mozilla.com>  
> wrote:
>> [...] but plain old iloop DOS prevention as practiced in browsers
>> does *not* reload the page. And the browser APIs are full of  ways  
>> to detect
>> that finallys didn't run, through effects overt and covert.
>> [...]
>> Just consider iloop DOS prevention as practiced in browsers today:  
>> finally
>> may not run. That's enough.
>
> Have you tried this lately? In a squarefree shell on several browser  
> I typed in
>
>   var x = 8; try { while (true) {} } finally { x = 7; }
>
> Results:
>
> Safari promped. I told it to "stop" scripts. Afterwards, the event was
> terminated, but scripts on the page were still able to run. x was 7,
> indicating that finallys were executed on the way out.

I'm not sure but I think maybe the Safari behavior is a bug, as the  
finally clause could contain another infinite loop.

Regards,
Maciej



More information about the es-discuss mailing list