Fwd: Are Zones Global State? Do they provide a dangerous communications channel?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Are Zones Global State? Do they provide a dangerous communications channel?

Raul-Sebastian Mihăilă
Wouldn't it be enough to prevent access from normal SES realms to the proto-SES realm's Zone primordial in order to keep SES as an ocap environment (by having the global objects from normal SES realms inherit from a proxy of the global object from proto-SES, instead of inheriting directly from the proto-SES global object)?

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Are Zones Global State? Do they provide a dangerous communications channel?

Mark S. Miller-2

On Mar 21, 2016 4:36 AM, "Raul-Sebastian Mihăilă" <[hidden email]> wrote:
Wouldn't it be enough to prevent access from normal SES realms to the proto-SES realm's Zone primordial in order to keep SES as an ocap environment (by having the global objects from normal SES realms inherit from a proxy of the global object from proto-SES, instead of inheriting directly from the proto-SES global object)?

Hi Raul, recall that Reflect.theProtoGlobal provides direct access to the proto-SES realm's global itself (the so-called "proto-global"). If Zone is found there, then it is pervasively available. The hard question is, is it safe for this observably mutable global to be pervasively available? At first I thought the answer was "of course not". Now, due to Dean's observation, the answer is that it may indeed be safe. This is sufficiently likely that we should consider the case seriously.

If we decide not to share a global Zone but do decide that it is safe to have on individual SES realms, then we can treat it more like eval, Function, Math, and Date: Arrange for it to be absent or crippled on the proto-global, and instead have separate Zone objects to appear on each SES realm's global. As with eval and Function, this could be by built-in initialization. Or as with Date and Math, it could be by user-level pattern. But before worrying about how to fall back to this more conservative position, let's continue to critically examine the more radical hypothesis.



 

_______________________________________________
es-discuss mailing list
[hidden email]
https://mail.mozilla.org/listinfo/es-discuss