caller poison pills, revisited (Was: A few arrow function specification issues)
Mark S. Miller
erights at google.com
Mon Apr 23 13:28:42 PDT 2012
On Mon, Apr 23, 2012 at 11:42 AM, Brendan Eich <brendan at mozilla.org> wrote:
> The threat (not sure how real) is not a string telling the backtrace, it's
> an object reference to an ancestor function in the call stack.
The ancestor function leak is vastly worse than the backtrace info leak,
but both are real.
SES's attempt to secure backtrace leakage on some browsers.
> Domenic Denicola wrote:
>>> I'm becoming increasingly convinced that the poison pill approach to
>>> securing the caller chain is a poor approach. We keep finding leaks in and
>>> it does nothing to prevent implementations from inventing new ways to expose
>>> the state they are trying to hide. I now think we would be better off
>>> with a general, non-algorithmic restriction on conforming implementations
>>> that forbid them from exposing elements of the caller chain in the
>>> situations that the poison pills were intended to address.
>> This sounds a bit drastic—wouldn't it preclude V8's
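An added illustration, not part of the original messages: the sketch below probes the channel the thread is about, a function reading `callee.caller` to obtain a reference to its ancestor on the call stack, for each combination of sloppy and strict callee and caller. The helper names (`makeCallee`, `makeCaller`, `probe`) are hypothetical; the `caller` property of sloppy functions is non-standard, and the "leaked" and "censored" outcomes assume a V8-based engine such as Node.js.

```javascript
// Added example, not code from the thread. Function-constructor bodies are
// sloppy unless they carry their own "use strict" directive, so the sloppy
// cases behave the same whether this file runs as a script or an ES module.

// Build a callee that tries to read a reference to whoever called it.
function makeCallee(strict) {
  const directive = strict ? '"use strict";' : '';
  return new Function(
    `return function callee() { ${directive} return callee.caller; };`
  )();
}

// Build the ancestor function whose identity the callee is trying to obtain.
function makeCaller(strict, callee) {
  const directive = strict ? '"use strict";' : '';
  return new Function(
    'callee',
    `return function caller() { ${directive} const r = callee(); return r; };`
  )(callee);
}

// Classify what the callee managed to observe about its caller.
function probe(calleeStrict, callerStrict) {
  const callee = makeCallee(calleeStrict);
  const caller = makeCaller(callerStrict, callee);
  try {
    const seen = caller();
    if (seen === caller) return 'leaked';   // ancestor function reference exposed
    if (seen === null) return 'censored';   // engine hid the strict caller
    return 'unexpected';
  } catch (e) {
    // Strict functions carry the poison pill: reading .caller throws TypeError.
    if (e instanceof TypeError) return 'poisoned';
    throw e;
  }
}

// Print the full matrix of outcomes.
for (const calleeStrict of [false, true]) {
  for (const callerStrict of [false, true]) {
    const label = `callee ${calleeStrict ? 'strict' : 'sloppy'}, ` +
                  `caller ${callerStrict ? 'strict' : 'sloppy'}`;
    console.log(`${label}: ${probe(calleeStrict, callerStrict)}`);
  }
}
```

Only the all-sloppy pairing hands the callee a live reference to its ancestor; the censoring of a strict caller is engine behaviour rather than a poison pill, which is the kind of implementation-dependent gap the quoted message is concerned with.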