a future caller alternative ?
brendan at mozilla.com
Sat Mar 9 17:02:38 PST 2013
Mark S. Miller wrote:
> It feels a dramatic divergence from the origin-based security
> Indeed! Origin-based security has been a nightmare.
Any access control system with hand-coded access monitoring in a big C++
codebase will be.
In SpiderMonkey + Gecko in Firefox, and probably in other browsers, we
actually use OCap under the hood and have for years. In HTML5, the
WindowProxy/Window distinction was finally specified, as an ad-hoc
instance of OCap membranes.
Any time we deviate from OCap, we regret it for both security bug and
access-checking overhead reasons.
More information about the es-discuss