a future caller alternative ?

Domenic Denicola domenic at domenicdenicola.com
Mon Mar 11 18:44:27 PDT 2013


From: Dean Landolt

> The leakage is that caller is a reference -- having that reference gives you the capability to follow any further references on its object graph. This reference wasn't explicitly handed out (as is always the case with this-binding in call, apply and bind) -- it was just leaked out by the simple fact that the function was called. It's very possible the caller has all kinds of powers you didn't intend to expose to the callee -- these powers have been leaked. It's really not complex -- this is an inherent, unpluggable leak. And since OCap is now the security model of es, there's really no sense in trying to revive caller -- it's gone for good.

As an excellent illustration of this, I was just made aware that the Node.js contextify sandboxing package is vulnerable to just such a "caller attack":

https://github.com/brianmcd/contextify/issues/56
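
The leak described in the quoted message, as an added example that is not part of the original thread or of the contextify code: a callee that is handed nothing still reaches its sloppy-mode caller, while a strict-mode caller is withheld. All names (`probe`, `makeHost`, `label`) are hypothetical.

```javascript
// Added illustration; every name here is hypothetical.
// The Function constructor is used so each function's mode depends only on
// its own directive, however this file is loaded (script or ES module).

// Untrusted callee: receives no arguments, yet looks for its caller.
const probe = new Function(`
  try {
    const who = arguments.callee.caller;   // sloppy-mode-only lookup
    if (typeof who !== "function") return { leaked: false };
    // Holding the reference is enough to read its properties and re-enter it.
    return { leaked: true, label: who.label, reentered: who("replay") };
  } catch (e) {
    return { leaked: false };              // engines may throw instead of yielding null
  }
`);

// Host that calls the untrusted callee; strict === true adds "use strict".
function makeHost(strict) {
  const directive = strict ? '"use strict";' : "";
  const host = new Function("callee", `${directive}
    return function host(cmd) {
      if (cmd === "replay") return "host re-entered by callee";
      return callee();                     // nothing is handed to the callee
    };
  `)(probe);
  host.label = "privileged host";
  return host;
}

// A strict function refuses the lookup on itself altogether.
function strictSelfLookupThrows() {
  const f = new Function('"use strict"; return 1;');
  try { f.caller; return false; } catch (e) { return e instanceof TypeError; }
}

function demo() {
  return {
    sloppyHost: makeHost(false)(),
    strictHost: makeHost(true)(),
    strictSelfLookupThrows: strictSelfLookupThrows(),
  };
}

console.log(demo());
```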


