Hello,

2015-08-13 5:28 GMT+02:00 Jasper St. Pierre <jstpie...@mecheye.net>:
> Out of curiosity, what would the threat model be here? How would an
> attacker put bad input into the JS engine to be exploited by a
> ruleset?
>

(The ruleset is assumed to be trusted: usually only root can add rules. Stupid JS rules are a threat, but not the reason we need a resilient JS runtime.)

Any local user can call CheckAuthority with arbitrary data and arbitrary (and arbitrarily large) hash tables, and keep an arbitrary number of requests in flight / waiting for agent response at the same time. This gives a fair amount of control over the contents and layout of the JS heap.

I don’t know, perhaps I am too paranoid, and I certainly don’t know enough about the internals of various JS runtimes. But, well, a 2-year-old project with one contributor is an entirely different scale from the browser runtimes.

Mirek
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/polkit-devel