a future caller alternative ?

Brendan Eich brendan at mozilla.com
Sat Mar 9 17:02:38 PST 2013


Mark S. Miller wrote:
>
>     It feels a dramatic divergence from the origin-based security
>     model,
>
>
> Indeed! Origin-based security has been a nightmare.

Any access control system with hand-coded access monitoring in a big C++ 
codebase will be.

In SpiderMonkey + Gecko in Firefox, and probably in other browsers, we 
actually use OCap under the hood and have for years. In HTML5, the 
WindowProxy/Window distinction was finally specified, as an ad-hoc 
instance of OCap membranes.

Any time we deviate from OCap, we regret it for both security bug and 
access-checking overhead reasons.

/be


More information about the es-discuss mailing list