Re: Lecture series on SES and capability-based security by Mark Miller

Fri, 04 Nov 2011 11:46:18 -0700 

This is the only one I've seen that seems like it should work, but it depends 
on whether SES/Caja/etc have some sort of way of neutering __proto__. Just from 
hacking around, I don't see much way of censoring it in SpiderMonkey.

MarkM, do you have any tricks for censoring __proto__?

Dave

On Nov 4, 2011, at 10:51 AM, Jorge wrote:

> On 03/11/2011, at 23:55, Mark S. Miller wrote:
>> 3) Although SES is *formally* an object-capability language, i.e., it has 
>> all the formal properties required by the object-capability model, it has 
>> bad usability properties for writing defensive abstractions, and therefore 
>> bad usability properties for use as an object-capability language or for 
>> serious software engineering. One example:
>> 
>> In a SES environment, or, for present purposes, an ES5/strict environment in 
>> which all primordial built-in objects are transitively frozen, say Alice 
>> uses the following abstraction:
>> 
>>    function makeTable() {
>>      var array = [];
>>      return Object.freeze({
>>        add: function(v) { array.push(v); },
>>        store: function(i, v) { array[i] = v; },
>>        get: function(i) { return array[i]; }
>>      });
>>    }
>> 
>> Say she uses it to make a "table" instance with three methods: add, store, 
>> and get. She gives this instance to Bob. Alice and Bob are mutually 
>> suspicious. All of us as programmers, looking at this code, can tell that 
>> Alice intended the table abstraction to encapsulate the array. Given just a 
>> table instance, can Bob nevertheless obtain direct access to the underlying 
>> array?
> 
> Yes, this:
> 
> function makeTable() {
>  var array = [];
>  return Object.freeze({
>    add: function(v) { array.push(v); },
>    store: function(i, v) { array[i] = v; },
>    get: function(i) { return array[i]; }
>  });
> }
> 
> o= makeTable();
> o.add(1);
> o.add(2);
> o.add(3);
> o.add('Yay!');
> 
> o.store('__proto__', {push:function () { console.log(this) }});
> o.add();
> 
> Gives:
> 
> [ 1, 2, 3, 'Yay!' ]
> -- 
> Jorge.
> _______________________________________________
> es-discuss mailing list
> es-discuss@mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss

_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss

Reply via email to