Weak event listener

Brendan Eich brendan at mozilla.com
Wed Mar 27 15:40:36 PDT 2013


David Bruant wrote:
> Le 27/03/2013 15:52, Brendan Eich a écrit :
>> Please read the "memory safety and weak references" thread.
>>
>> The issue is not just SES, which might remove an iterator in 
>> preparing the environment. Stock JS must not be vulnerable to 
>> jit-spray attacks due to enumerable weak maps.
> From what I understand of the attack, JS isn't vulnerable. Only 
> current implementations are. I admit it carries some weight, but let's 
> not confuse the 2.

No, you are misreading again. JS if it has enumerable weakmaps (you 
advocate) plus real-world vulns in its impls (which are *inevitable*) 
makes pwnage.

Changing the disagreement to be about JS vs. its impls is off the mark. 
Can you re-defend enumerability of weakmaps now that I've pointed out 
the security risk does not apply only to SES users, to be addressed by 
SES removing the @iterator?

/be


More information about the es-discuss mailing list