Security Demands Simplicity (was: Private Slots)
brendan at mozilla.com
Sun Jan 20 18:39:21 PST 2013
Allen Wirfs-Brock wrote:
> This really makes me start to question even more the viability of
> Proxy based membranes (direct proxies, at least) as an isolation
> mechanism. Independent of private Symbols, it isn't clear that it is
> a practical approach.
Firefox relies on proxies based on the original spec. They are "viable"
-- we don't have any soundness problems, and we bugfix validity problems
until zarro boogs.

Of course, we have not yet implemented symbols, private or public.

Seriously, why are you doubting proxies? Please give more of an
analytical argument. Yes, unknownPrivateSymbol as a "throw or do
nothing" trap seems hacky. We may find a better way. But that's not a
problem with proxies or membranes so much as private symbols in
conjunction with the MOP and the integrity properties we want to enforce.