Private symbols auto-unwrapping proxies (was: Security Demands Simplicity (was: Private Slots))
Tom Van Cutsem
tomvc.be at gmail.com
Mon Jan 28 23:42:40 PST 2013
2013/1/28 Mark S. Miller <erights at google.com>
> Hi Tom, as you and I discussed in chat, "(base case) there are no
> built-in private symbols in a standard JS environment (i.e. all the
> built-in symbols are unique)" is a bad misunderstanding of the utility of
> membranes. Membranes (and membrane-like patterns) are useful and needed at
> many finer grains than realms. It is not safe to assume that no private
> symbols exist on both sides of any membrane. I think proposal #1 is fatally
> insecure. I'm glad you like #2.
Ok, so the base case is unsound. Good to know. Proves that it's always
important to explicitly state your base assumptions ;-)
> Btw, there's a terminology problem, assuming you were referring to Joe-E's
> distinctions: In Joe-E terminology, private symbols are *immutable* but
> not *powerless*. (In E terms, private symbols are *DeepFrozen* but not
> *DeepPassByCopy* or *Data*.)
Thanks for the clarification. Will update the wiki.