Right, agreed, there is no security that asm.js offers here, and it is not any kind of goal of asm.js either. Users can tamper with their asm.js pages just fine if they want, like they can tamper with the handwritten JS pages they are visiting.
In the first message, I read the word "vulnerability" from the perspective of "browser vulnerability", and wanted to point out that asm.js does not have any specialties there.

2016-04-24 11:20 GMT+03:00 Brion Vibber <[email protected]>:

> On Sunday, April 24, 2016, juj j <[email protected]> wrote:
>
>> Indeed it is possible to nuke the function pointer table, but I don't
>> think this is a vulnerability. In order to be a security issue, it would
>> mean some kind of escalation would have to occur. Handwritten
>> JavaScript and asm.js C/C++ code should be viewed at the same security
>> level or arena in a sense, since the developer is in control of both.
>> Asm.js does not propose a new security layer where handwritten JS outside
>> the asm.js module could be allowed to be considered untrusted, but the
>> usual web security imposed via domain rules applies here.
>
> There's no need for untrusted handwritten js here; you just need some
> function in the asm.js module that you can call that does something you as
> an attacker want and has the same call signature as the function pointer
> that gets overwritten.
>
> The rough equivalent in native code is things like forcing a call or
> return into another part of the executable or standard library that happens
> to do something the attacker finds useful.
>
> Getting something useful out of the exploit might well piggyback on some
> further vector once you're inside, such as producing malicious html that
> later gets inserted into the document by code outside the emscripten module
> (or could you manage to call something more directly via embind::val etc?)
> -- but that's not code the attacker has to inject previously ... If they
> could do that, no need to bother with buffer overflows in the asm.js.
>
> -- brion
>
> --
> You received this message because you are subscribed to the Google Groups
> "emscripten-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
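
The scenario described in the quoted reply, as an added example that is not part of the original thread or of Emscripten's own code: a plain-JavaScript model (not valid asm.js) of linear memory and a masked, per-signature function table. The names `logMessage`, `renderMarkup`, `copyUnchecked` and `copyChecked` are hypothetical; the model shows an unchecked copy redirecting an indirect call to another function of the same signature, and a bounds-checked copy preventing it.

```javascript
// Plain-JS model (constructed, hypothetical names) of an asm.js-style module:
// linear memory plus one function table per call signature.
const HEAP32 = new Int32Array(16);
const BUF = 0, BUF_WORDS = 4; // int buf[4] occupies words 0..3
const CALLBACK = 4;           // function "pointer" (a table index) in word 4

function logMessage(x) { return 'log:' + x; }
function renderMarkup(x) { return 'render:' + x; } // same signature as above
const FUNCTION_TABLE = [logMessage, renderMarkup]; // power-of-two length
const MASK = FUNCTION_TABLE.length - 1;

function reset() { HEAP32.fill(0); HEAP32[CALLBACK] = 0; } // points at logMessage

// Unchecked copy: writes past buf when the input has more than BUF_WORDS words.
function copyUnchecked(words) {
  for (let i = 0; i < words.length; i++) HEAP32[BUF + i] = words[i];
}

// Hardened copy: rejects input that does not fit the destination buffer.
function copyChecked(words) {
  if (words.length > BUF_WORDS) throw new RangeError('input exceeds buffer');
  copyUnchecked(words);
}

// Indirect call in the asm.js style: the index is masked into the table, so a
// corrupted value still selects some function of this signature, never
// anything outside the table.
function dispatch(arg) {
  return FUNCTION_TABLE[HEAP32[CALLBACK] & MASK](arg);
}

function demo() {
  const r = {};
  reset(); copyUnchecked([1, 2, 3, 4]);
  r.normal = dispatch(7);                   // input fits, callback untouched
  reset(); copyUnchecked([1, 2, 3, 4, 1]);  // fifth word lands on CALLBACK
  r.overflow = dispatch(7);
  reset(); copyUnchecked([1, 2, 3, 4, 1234]);
  r.garbage = dispatch(7);                  // 1234 & MASK stays inside the table
  reset();
  try { copyChecked([1, 2, 3, 4, 1]); } catch (e) { r.rejected = e instanceof RangeError; }
  r.afterChecked = dispatch(7);             // callback intact after rejection
  return r;
}
console.log(demo());
```
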
