Mark S. Miller
erights at google.com
Sun Jul 27 09:14:19 PDT 2014
Although there is some interesting work in trying to obtain security
relevant guarantees from a script that isn't first, where a malicious
script may instead have been first (link please if anyone has it), this
work did not seem practical to me.
My POV: A realm starts out pervasively malleable. It can only provide
practical protection to some scripts within the realm from other scripts in
that realm if the first script loaded into that realm is not harmful to
this cause, and if a script supportive of that cause (like initSES.js) is
loaded before any scripts that may be harmful to that cause.
On Sun, Jul 27, 2014 at 5:19 AM, Peter van der Zee <ecma at qfox.nl> wrote:
> On Sun, Jul 27, 2014 at 1:57 PM, David Bruant <bruant.d at gmail.com> wrote:
> > You can deeply freeze it yourself before any other script accesses it.
> That's already assuming you are first. You may not be without your
> knowledge (ISP injection, virus hijack, garden gnomes, etc). At this
> point you'll be too late.
> > My point being that there are ways to prevent any non-trusted scripts
> from modifying Reflect
> And I guess I'm saying, "no, there isn't".
> It'd be nice if there was some kind of mechanic of detecting/ensuring
> that some built-in is indeed a built-in. That would take away all of
> this pain. Maybe including a system module could fix this issue. I
> doubt I'm the first here to mention that though.
> - peter
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the es-discuss