Mark S. Miller wrote:
It feels a dramatic divergence from the origin-based security
model,
Indeed! Origin-based security has been a nightmare.
Any access control system with hand-coded access monitoring in a big C++
codebase will be.
In SpiderMonkey + Gecko in Firefox, and probably in other browsers, we
actually use OCap under the hood and have for years. In HTML5, the
WindowProxy/Window distinction was finally specified, as an ad-hoc
instance of OCap membranes.
Any time we deviate from OCap, we regret it for both security bug and
access-checking overhead reasons.
/be
_______________________________________________
es-discuss mailing list
es-discuss@mozilla.org
https://mail.mozilla.org/listinfo/es-discuss
