[Harmony proxies] Non-configurable properties: fixed properties VS trap all with invariants enforcement

Mark S. Miller erights at google.com
Mon Jun 20 11:31:33 PDT 2011


Hi David, my compliments. This is an important issue I should have caught
but didn't notice. Thanks. I think agree with your conclusion (which I was
leaning towards anyway).


On Mon, Jun 20, 2011 at 10:25 AM, David Bruant <david.bruant at labri.fr>wrote:

> Le 20/06/2011 17:15, David Bruant a écrit :
> > Hi,
> >
> > We may need to switch from the (bicephal) fixed properties model to a
> > "trap all with invariants enforcement" model.
> >
> > With the current simple membrane example:
> > -----
> > var o = {};
> > var s = makeSimpleMembrane(o);
> > var wrapper = s.wrapper,
> >     gate = s.gate;
> >
> > // ... later, in untrusted code (variable name kept for readability)
> > Object.defineProperty(wrapper, 'a', {value:1, configurable:false});
> >
> >
> > // ... later, back in trusted code:
> > gate.disable()
> >
> >
> > // ... later in the same untrusted code which had a reference to the
> > wrapper object.
> Actually, it's more convincing if the wrapper is given to another piece
> of untrusted code, because this code should not have access to what
> another untrusted code added to the wrapper AFTER disabling. Also,
> untrusted code could communicate through non-configurable, but writable
> properties which doesn't sounds good.
>
> > wrapper.a; // 1 in the fixed properties model
> > // throw if the 'get' traps was actually called.
> > // Such a difference is certainly noticeable in all traps.
> > -----
> >
> > The problem with the fixed property model is that properties exist on
> > the proxy object itself with no way to control (and prevent in our
> > case) access to them.
> >
> > David
> > _______________________________________________
> > es-discuss mailing list
> > es-discuss at mozilla.org
> > https://mail.mozilla.org/listinfo/es-discuss
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>



-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20110620/03932151/attachment.html>


More information about the es-discuss mailing list