I haven't looked into the details, but, in general, side channel information is a rich area for unintentional disclosure. For example, timing information leaks a ton of information.

Here's a recent paper that shows a bunch of stuff you can use from the sizes of things. In this case, they're looking at the size on the wire, but you could imagine something similar for in-memory size: http://oakland31.cs.virginia.edu/slides/sidechannel.pdf

Adam

On Wed, Jun 2, 2010 at 11:52 AM, Sam Weinig <sam.wei...@gmail.com> wrote:
> Now that I have had a little time to think about it, I think my biggest
> concern with this type of API is the unintentional ability for an attacker
> to gain information from the engine consuming specific amounts of memory.
> Let's take the visited link history stealing attack as an example. Even
> though you can no longer use getComputedStyle() directly to gain information
> as to whether a link was visited or not, if the engine allocated subtly
> different amounts of memory depending on whether the link was visited or
> not, an attacker could detect this and gain that information.
>
> Adam (and other web security people), am I being overly paranoid about this?
>
> -Sam
>
> On Fri, May 28, 2010 at 10:56 AM, Mikhail Naganov <mnaga...@chromium.org> wrote:
>>
>> Greetings, WebKit developers,
>>
>> As a response to requests from web app developers, I intended to
>> add a simple API for accessing a web app's memory consumption, see
>> https://bugs.webkit.org/show_bug.cgi?id=39646
>>
>> The scenario of using this API is as follows:
>> - a buildbot runs the web app's common usage scenario tests;
>> - inside tests, memory usage is recorded via the API proposed;
>> - the results are sent to a server (using XHR or a CGI request);
>> - the server plots nice graphs of memory usage status, bound to the
>> changes made to the web app;
>> - thus, if someone does a change that blows up memory usage,
>> developers will notice.
>>
>> As Sam points out, this change may be fine, but he suggests making it
>> accessible only when a browser runs in a special "developer" mode.
>> This can also be applied to the whole 'console' object.
>>
>> Please, share your thoughts on this.

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
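A toy model of the concern Sam raises (a secret-dependent difference in heap size becoming visible through a precise memory-usage API) and of the "developer mode" gate Mikhail relays, added here as an example and not code from the thread or from WebKit. The engine model, the 1 MiB bucket, the 50,000-query budget and the jitter ranges are all constructed assumptions for illustration:

```python
import random
import statistics

BUCKET = 1 << 20      # assumption: hardened report rounds down to 1 MiB steps
SAMPLES = 50_000      # assumption: how many times a page may query the API
_JITTER_RNG = random.Random(1)

def heap_bytes(base: int, secret_delta: int, rng: random.Random) -> int:
    """Constructed engine model: heap size = base + a small delta that depends
    on a secret (e.g. whether a link is visited) + jitter that does not."""
    return base + secret_delta + rng.randint(0, 256)

def report_raw(used: int, developer_mode: bool):
    """The API as first proposed: the exact byte count, for any page."""
    return used

def report_jittered(used: int, developer_mode: bool):
    """Naive mitigation: the exact count plus random noise."""
    return used + _JITTER_RNG.randint(-2048, 2048)

def report_hardened(used: int, developer_mode: bool):
    """Sam's gate plus coarsening: nothing outside developer mode, and a
    figure rounded down to BUCKET inside it."""
    if not developer_mode:
        return None
    return used - used % BUCKET

def leaks(report, base=50_000_000, delta=64, developer_mode=False, seed=0) -> bool:
    """True if the mean of SAMPLES reports separates the two secret states.
    Averaging many queries pulls a small delta out of secret-independent
    jitter, which is why added noise alone is not a fix."""
    rng = random.Random(seed)

    def mean_for(d: int):
        vals = [report(heap_bytes(base, d, rng), developer_mode)
                for _ in range(SAMPLES)]
        return None if vals[0] is None else statistics.fmean(vals)

    m0, m1 = mean_for(0), mean_for(delta)
    if m0 is None:           # API not exposed to this page at all
        return False
    return abs(m0 - m1) > delta / 2   # crude threshold: half the true gap

if __name__ == "__main__":
    for name, fn in [("raw", report_raw), ("jittered", report_jittered),
                     ("hardened", report_hardened)]:
        print(f"{name:9s} leaks the secret: {leaks(fn)}")
    print("hardened, developer mode:", leaks(report_hardened, developer_mode=True))
```

Rounding only hides deltas that stay inside one bucket, so in this model the gate, not the rounding, is the control that actually removes the channel.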