From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 3596 invoked from network); 29 Mar 2021 17:00:42 -0000 Received: from hurricane.the-brannons.com (2602:ff06:725:1:20::25) by inbox.vuxu.org with ESMTPUTF8; 29 Mar 2021 17:00:42 -0000 Received: from localhost.localdomain (localhost [127.0.0.1]) by hurricane.the-brannons.com (OpenSMTPD) with ESMTP id 06225488 for ; Mon, 29 Mar 2021 09:54:00 -0700 (PDT) Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [2a00:1450:4864:20::32a]) by hurricane.the-brannons.com (OpenSMTPD) with ESMTPS id 3b08b80f (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Mon, 29 Mar 2021 09:53:23 -0700 (PDT) Received: by mail-wm1-x32a.google.com with SMTP id j4-20020a05600c4104b029010c62bc1e20so7001518wmi.3 for ; Mon, 29 Mar 2021 09:53:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=lzskc1HujMmKf1GDqvtcaCJ1wqSEQaQiH7ReftAvdak=; b=JDIHepxYKj7r04x3EdnNbCy/X+QzmK/eyaqwm127rwAjbhl85hB12zbB5JfcoySJCj WmL4DvaJnrrrQyOd+81OgCzo8heaPRAhZ68TZWhCiFoXLJh53dN2+TJF7iSpM3ydhjxP gas4t3rIQOPiWOxg7TpUMveL3n2s+HbWCEtqnUjBa87GN+ZcCDRsrYPodRmpy1WLPh8o Wky+PPKguZRur0GUiBnh0VJw542aMhlqoYad1e7FUEW2KM5rZLJ+FRFl8DzSfhss7upQ D1t+GoA1e2chscjDaKnY1NW+yS0tJxtkZPMcbM6W9yhIoC44NTat2bn78mTP4/sQtoiH grFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=lzskc1HujMmKf1GDqvtcaCJ1wqSEQaQiH7ReftAvdak=; b=hP4WhCMqIJ7W1gTTlwJCP4EWIGBKIbjSiNF7EYDEBFkSD90VbaHRWSvq+2RnNdTHvv dDToKIBEdPZ3UZ4JTTDZfji8SfvpCkHGiMcNyhtQ2fdAQ8xtMAi3ZQtDCz3aN0P6RWKS ecBzGUSUil6CUvrxkIZsE7lcVtzA38bWwQzrIh8ra/1hjzBgYvqZyigsvI/zcFMU0eQq L1QxKxtaf0zsI2QKz8o+REC9bKBMfWOVDVuRJ7hPDBt6aljC3e5ZyxQSZrdt90CIzM3W vXCWYxCbU3Ildc8p9IbFsvtS19GXK3I39516eJrnNCH5uUZn77Rg2YtbA5eEJIzuMVoy 6tIQ== X-Gm-Message-State: AOAM530Evs6HLR6hdzB+GDPMksnFDQZYA+Nc5S5YsQu/vN+qlbp0onzg AZdy6NigU6VK5gefC5PLv+8= X-Google-Smtp-Source: ABdhPJx3bzv0RAFRNw9dKIrHciXhCL4/MlRltB0OPvpEL4pnVHmJJVwiCeJdwYeIXKqjyIEYVDI/bQ== X-Received: by 2002:a1c:dd89:: with SMTP id u131mr66520wmg.54.1617036799834; Mon, 29 Mar 2021 09:53:19 -0700 (PDT) Received: from toaster (b.5.b.9.4.f.e.f.f.f.c.f.1.b.a.e.1.4.0.9.2.4.1.1.0.b.8.0.1.0.0.2.ip6.arpa. [2001:8b0:1142:9041:eab1:fcff:fef4:9b5b]) by smtp.gmail.com with ESMTPSA id x23sm7990wmi.33.2021.03.29.09.53.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Mar 2021 09:53:19 -0700 (PDT) Date: Mon, 29 Mar 2021 17:53:17 +0100 From: Adam Thompson To: Karl Dahlke Cc: edbrowse-dev@edbrowse.org Subject: Re: [edbrowse-dev] It can be done, but is it worth it? Message-ID: References: <20210228204322.eklhad@comcast.net> X-BeenThere: edbrowse-dev@edbrowse.org List-Id: Edbrowse Development List MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210228204322.eklhad@comcast.net> On Sun, Mar 28, 2021 at 08:43:22PM -0400, Karl Dahlke wrote: > This with regard to sharing classes and methods in the master window. > > As mentioned, we put a class or method or constant there, we have to know it can't be tampered with. > Do this. > > Object.defineProperty(mw$, "blah",{enumerable:false,writable:false,configurable:false}); > > Not just what we put in the master window, but the methods we put in the prototypes in the classes in the master window, > and the prototype objects themselves. All of it. > There. > > But what stops them from adding something nefarious? > Nothing. > But we can detect it. > After every browse, and after every js function, in jSideEffects(), > I could call a master window tamper check method > that would get all the keys in the master window, and all the keys in the prototypes of our classes, > and count them, and make sure no new ones were added. > See the latest commit which uses GetOwnPropertyNames() to do this. > So we could detect tampering, and if discovered, turn off javascript for the duration of the edbrowse program. > It's ugly to implement, the solution is a bit drastic, but it would be secure, > and would guard against something that almost certainly would never happen. > Tbh, I'm wondering whether the memory savings etc are worth the sharing at this point. There's part of me thinking to simply not have a master window and pay the penalty that way rather than having to do something ugly like this. Particularly as I've performance concerns with this (also with the idea of not sharing classes but I *think* that'd be less problematic). Just another thought. Cheers, Adam.