How to retrieve the global object in strict mode?

Mark S. Miller erights at google.com
Tue Mar 1 07:15:18 PST 2011


On Tue, Mar 1, 2011 at 5:26 AM, Lasse Reichstein <reichsteinatwork at gmail.com> wrote:

> On Sat, 12 Feb 2011 12:02:55 +0100, Jorge <jorge at jorgechamorro.com> wrote:
>
>> Ok, I see. I thought there was no way to create non-strict code from
>> within strict code.
>>
>> Thank you.
>>
>
> There are plenty of ways.
> However, the idea is that all those ways can be plugged by a determined
> coder, to ensure that foreign code runs in a strict-mode jail.
>

y. The results of this determined effort are SES, or Secure EcmaScript.
http://code.google.com/p/es-lab/wiki/SecureEcmaScript
http://code.google.com/p/es-lab/downloads/detail?name=securing-es5.pdf
http://code.google.com/p/es-lab/source/browse/trunk/src/ses/
http://www.infoq.com/presentations/From-E-to-EcmaScript
http://www.infoq.com/interviews/ecmascript-5-caja-retrofitting-security



>
> Outside of strict mode, it's always possible to get hold of the global
> object. Inside strict mode, you can't get that as easily, and if you can't
> access Function, Function.prototype.constructor, eval, execScript,
> setInterval, setTimeout, and ... whatever I have forgotten, you can't
> create new non-strict code.
>

SES replaces the global eval and Function with safe wrappers that allow
access to all whitelisted global variables, which include all global
variable names defined in ES5, including even "eval" and "Function". It also
initializes Function.prototype.constructor to point at our safe Function
wrapper. For code admitted via our safe eval or Function, it can indeed not
get at the global object nor cause non-strict code to be evaluated.


> If you also hide references to the global object, you are effectively
> jailed to your own scope chain[1].
>
> /L
> [1] You also need to remove access to Object and Object.prototype, so you
> can't affect the scope chain of the global object, or of any object.
> However this breaks down if you have __proto__ and __defineSetter__
> available on all objects :(.
>

There's no reasonable way to deny access to Object and Object.prototype, and
SES does not try to. Instead, it freezes Object, Object.prototype, and all
similar primordials -- all objects reachable through property and super
traversal from the whitelisted globals.




>
> /L
> --
> Lasse Reichstein - reichsteinatwork at gmail.com
>
> _______________________________________________
> es5-discuss mailing list
> es5-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es5-discuss
>



-- 
    Cheers,
    --MarkM
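
The measures described in this message, sketched as an added example (not part of the original post and not SES source code): a fresh Node.js `vm` realm is probed from strict code, then hardened with a Function wrapper, `Function.prototype.constructor` pointed at that wrapper, and frozen primordials, and probed again. The names `PROBE`, `HARDEN`, `SafeFunction`, `Unsafe` and `audit` are hypothetical; forcing strict mode on the generated body is an assumed stand-in for the real wrappers, and the safe `eval` wrapper and the global whitelist are left out.

```javascript
// Added illustration: a simplified sketch, not SES source code.
const vm = require('vm');

// Probe (constructed): strict code trying the routes named in the thread.
const PROBE = `(function () {
  'use strict';
  var r = {};
  r.strictThis = (function () { return this; })() !== undefined;
  r.viaFunction = Function('return this')() !== undefined;
  r.viaConstructor = (function () {}).constructor('return this')() !== undefined;
  try {
    Object.prototype.marker = 1;            // throws once the prototype is frozen
    r.protoWritable = ({}).marker === 1;
    delete Object.prototype.marker;
  } catch (e) { r.protoWritable = false; }
  return r;
})()`;

// Hardening (hypothetical names): wrap Function so every generated body is
// strict, repoint Function.prototype.constructor, then freeze the primordials.
const HARDEN = `(function () {
  'use strict';
  var Unsafe = Function;
  function SafeFunction() {
    var args = Array.prototype.slice.call(arguments);
    var body = args.length ? String(args.pop()) : '';
    args.push('"use strict";' + body);      // generated code is always strict
    return Unsafe.apply(undefined, args);
  }
  SafeFunction.prototype = Unsafe.prototype;
  Unsafe.prototype.constructor = SafeFunction;
  globalThis.Function = SafeFunction;
  [Object, Object.prototype, Unsafe.prototype, SafeFunction].forEach(Object.freeze);
})()`;

// Run the probe in a separate realm before and after hardening; the host
// process's own Function and Object are never modified.
function audit() {
  const realm = vm.createContext({});
  const before = vm.runInContext(PROBE, realm);
  vm.runInContext(HARDEN, realm);
  const after = vm.runInContext(PROBE, realm);
  return { before, after };
}

console.log(audit());
```

Each probe field is `true` when that route still hands strict code the global object (or, for `protoWritable`, still lets it modify `Object.prototype`).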