Security and direct proxies (Was: Re: Lecture series on SES and capability-based security by Mark Miller)

Andreas Rossberg rossberg at google.com
Tue Nov 8 11:33:42 PST 2011


On 8 November 2011 20:29, Andreas Rossberg <rossberg at google.com> wrote:
> On 8 November 2011 18:47, David Bruant <bruant.d at gmail.com> wrote:
>> "Given that direct proxies are not in a position to violate any of the
>> *non-configurability or non-extensibility constraints* of their wrapped
>> target, it should be safe to replace an existing normal object by a
>> direct proxy wrapping that object."
>> My understanding is that regarding the issue you mention, you cannot do
>> more with startTrapping than redefining built-ins by (re)setting a property.
>
> That may be true for plain objects, but I think the situation is quite
> different for functions, because there is no equivalent to
> "non-configurable" for the [[Call]] and [[Construct]] properties.

BTW, a similar issue applies to getters and setters: even if a
property is non-configurable, as long as it is defined by accessors an
attacker could attach to the underlying JS functions and thereby
essentially redefine the property without actually modifying it.

/Andreas


More information about the es-discuss mailing list