caller poison pills, revisited (Was: A few arrow function specification issues)

Mark S. Miller erights at google.com
Mon Apr 23 13:28:42 PDT 2012


On Mon, Apr 23, 2012 at 11:42 AM, Brendan Eich <brendan at mozilla.org> wrote:

> The threat (not sure how real) is not a string telling the backtrace, it's
> an object reference to an ancestor function in the call stack.
>

The ancestor function leak is vastly worse than the backtrace info leak,
but both are real.

http://code.google.com/p/es-lab/source/browse/trunk/src/ses/debug.js is
SES's attempt to secure backtrace leakage on some browsers.



>
> /be
>
> Domenic Denicola wrote:
>
>> I'm becoming increasingly convinced that the poison pill approach to
>>> securing the caller chain is a poor approach.  We keep finding leaks in it and
>>> it does nothing to prevent implementations from inventing new ways to expose
>>> the state they are trying to hide. I now think we would be better off
>>> with a general, non-algorithmic restriction on conforming implementations
>>> that forbids them from exposing elements of the caller chain in the
>>> situations that the poison pills were intended to address.
>>>
>>
>> This sounds a bit drastic—wouldn't it preclude V8's
>> Error.captureStackTrace?


-- 
    Cheers,
    --MarkM
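The distinction Brendan draws above (a string backtrace versus an object reference to an ancestor function) and the poison pill Allen is criticising can both be exercised with plain Function.prototype.caller and arguments.callee. The following is an added illustration for this archive page, not code from the thread and not SES's debug.js; the names snoop, sloppyTrusted and strictTrusted are made up here. The untrusted callback is built with `new Function` so that it stays sloppy-mode even when the file itself is loaded as a strict module.

```javascript
// Untrusted callback, built with `new Function` so it is sloppy-mode even if
// this file runs as a strict module. It climbs the caller chain and collects
// every ancestor function OBJECT it can reach (not a stringified backtrace),
// which is the "vastly worse" leak Mark refers to.
const snoop = new Function(`
  var chain = [];
  var f = arguments.callee;          // sloppy mode: callee is readable
  while (true) {
    var up;
    try { up = f.caller; } catch (e) { break; }  // strict ancestor: poison pill throws
    if (!up) break;                  // null: top of stack, or the engine censored a strict caller
    chain.push(up);
    f = up;
  }
  return chain;
`);

// "Trusted" wrapper in sloppy mode: its own function object becomes reachable
// from any callback it invokes, and so does everything above it that is sloppy.
const sloppyTrusted = new Function('cb', 'return cb();');

// Same wrapper in strict mode: the ES5 poison pill makes reading `.caller` on
// it throw a TypeError, and the engine withholds it as a callee's `.caller`.
const strictTrusted = new Function('cb', '"use strict"; return cb();');

// Run the untrusted callback through a wrapper and return the ancestor
// function objects it managed to collect.
function ancestorsReachableThrough(wrapper) {
  return wrapper(snoop);
}

// True if merely reading fn.caller raises the strict-mode TypeError.
function poisonPillThrows(fn) {
  try {
    void fn.caller;
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```

Calling ancestorsReachableThrough(sloppyTrusted) hands the callback the sloppyTrusted function object itself as the first element of the chain; calling it with strictTrusted yields an empty chain, and poisonPillThrows(strictTrusted) is true while poisonPillThrows(sloppyTrusted) is false. Note that the strict-mode result depends on the engine censoring strict callers to null, which is exactly the kind of implementation-specific behaviour Allen's proposed blanket restriction would pin down rather than leave to per-property poison pills.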