On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford
<douglas@...> wrote:
>> So, I suggest that you consider adding 'stack', and possibly
>> 'message', 'stacktrace' and 'toSource', to the banned list.
>
> I do not understand the value in preventing information leaks here.
> What is the hazard?
>
> I am considering the blocking of try/catch in ADsafe. I am concerned about the
> potential of using exceptions to deliver capabilities between isolated
> widgets.
JavaScript's catch is also problematic since it enables catching of
stack overflow and out of memory errors. A widget could use this
ability to put another object, or perhaps even the browser, in an
inconsistent state. For example, the widget could use up all but one
stack frame and then make a call to a browser object which mutates
part of its state and then attempts a function call before making
additional mutations. The victim object would make the first mutation,
but suffer a stack overflow error before being able to complete the
rest of the mutations. The widget code could catch the Error, leaving
the victim object in the inconsistent state.
Note that the widget doesn't need to guess the size of the stack, but
can measure it at runtime before engaging in the attack.
--Tyler
--
"Waterken News: Capability security on the Web"
http://waterken.sourceforge.net/recent.html
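The failure mode Tyler describes, as an added JavaScript illustration that is not part of the thread: a hypothetical account object whose withdraw method mutates, calls out, then mutates again is left half-updated when the call dies with a stack-overflow RangeError (forced here by a deeply recursive callback rather than by pre-exhausting the stack), while a version that finishes every call before its first assignment stays consistent even when the error is swallowed by the caller. The account object, its fields and the notifier callback are assumptions for the example.

```javascript
// Added illustration, not code from the thread. The account object, its
// withdraw API and the notifier are hypothetical; only the failure mode
// (a call in the middle of a multi-step mutation dying with a stack
// overflow that the caller then catches) is taken from the message above.

// Stand-in for a call made on an exhausted stack: it always dies with
// RangeError "Maximum call stack size exceeded".
function overflowingNotifier(amount) {
  return overflowingNotifier(amount) + 1;
}

// Fragile shape: mutate, then call out, then mutate again. If the call
// throws, the first assignment has happened and the second never will.
function makeFragileAccount(balance, log) {
  return {
    balance, log,
    withdraw(amount, notify) {
      this.balance -= amount;   // first mutation
      notify(amount);           // may throw (RangeError on a full stack)
      this.log.push(amount);    // second mutation is skipped on throw
    },
  };
}

// Hardened shape: compute the new state and make every call that can fail
// first, then commit with plain property assignments and no function call
// in between, so nothing can interrupt the object between the two writes.
function makeAtomicAccount(balance, log) {
  return {
    balance, log,
    withdraw(amount, notify) {
      const newBalance = this.balance - amount;
      const newLog = this.log.concat(amount);
      notify(amount);           // if this throws, nothing has changed yet
      this.balance = newBalance;
      this.log = newLog;
    },
  };
}

// Runs a withdrawal whose notifier overflows, swallows the RangeError the
// way a hostile catch would, and reports whether the object's invariant
// (balance equals the starting balance minus every logged withdrawal) holds.
function consistentAfterOverflow(makeAccount) {
  const acct = makeAccount(100, []);
  try {
    acct.withdraw(30, overflowingNotifier);
  } catch (e) {
    if (!(e instanceof RangeError)) throw e;   // only the overflow is expected
  }
  const logged = acct.log.reduce((sum, entry) => sum + entry, 0);
  return acct.balance === 100 - logged;
}
```

Run against the two factories, the fragile account ends with balance 70 and an empty log, while the atomic one is untouched.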