On Nov 1, 2007 3:46 PM, Kris Zyp <[EMAIL PROTECTED]> wrote:
> >> It's a sandbox, right? Should be safe. Not so fast:
>
> > last they gave up. rexec was removed from the language. I know of no
>
> Utilizing a sandbox is not a new concept to JavaScript. Browsers create a
> sandbox every time there is a frame from a different domain.

Kris,

That sandbox has been very carefully designed and implemented--and reimplemented--over a period of decades by people who specialize in the field.

I don't want to get too far into it, but it's seriously not the best analogy. The browser sandbox is complex and nuanced. It's nontrivial to see why it's secure. It exposes rather a lot of objects. There are many potential holes that are specially plugged. I don't know about other browsers, but at Mozilla we still haven't reduced the pace of vulnerabilities to zero, and these guys have been at it for some time now. (This year--2007, mind you--saw significant new work on Mozilla's sandboxing model. Not a joke.)

What you're talking about is a simple sandbox-construction scheme. You would want it to be the opposite of the browser sandbox in a lot of respects. You would want it to be simple, trivially secure, exposing a small surface of attack, devoid of special cases, and with zero vulnerabilities by construction. All of which may be possible--I hear .NET has some easy, high-level sandboxing APIs--but browser vendors' JavaScript experience doesn't necessarily translate.

But the only point I was trying to make was that providing a fun eval(s, obj) and encouraging users to "roll their own" sandboxes would be irresponsible.

> BTW, If only string information was allowed to flow between, this would not
> be nearly as difficult, right?

Urrrr, I'm not sure, but anyway that isn't the feature people are asking for. Sandboxes are useful because they expose limited *functionality*--meaning objects and methods--to untrusted code.

I'd better stop here, because I'm not an expert on this.

-j