Loading ...
Sorry, an error occurred while loading the content.

Re: SES prototype mostly working on latest Minefield, WebKit, and Chromium betas

Expand Messages
  • Mark S. Miller
    ... Minified and gzipped that is. ... -- Cheers, --MarkM
    Message 1 of 3 , Aug 30, 2010
    • 0 Attachment
      On Mon, Aug 30, 2010 at 3:12 PM, Mark S. Miller <erights@...> wrote:
      May crash your browser or page:
      http://es-lab.googlecode.com/svn/trunk/src/ses/index.html

      Sources at

      This has only been lightly tested and should *not* be relied on to have any security properties yet.

      The claim I working up to is that, on a securable ES5 implementation (<http://code.google.com/p/es-lab/wiki/SecureableES5>), these scripts create an SES environment (<http://code.google.com/p/es-lab/wiki/SecureEcmaScript>) implementing the object-capability security model and solving the safe mashup problem (<http://code.google.com/p/es-lab/wiki/SafeMashups>). 

      Unfortunately, since there is not yet any full browser-based implementations of ES5, the present state of these scripts have various compromises that preserves their functionality but loses security. These are documented in the various files under "KLUDGE SWITCHES". With these kludges, from *extremely* light testing, it seems to work on the latest 
      * Firefox Minefield 4.0b5pre, 
      * Safari WebKit Nightly Version 5.0.1 (5533.17.8, r66356), and 
      * Chromium beta 6.0.490.0 (3135). 
      As soon as I get my VMWare installation fixed, I'll test on the IE9 preview as well. Opera 10.61.8429 does not yet implement Object.getOwnPropertyNames, so I can't even test there. 

      This implementation of SES cannot run on ES5/3 (<http://code.google.com/p/google-caja/wiki/DifferencesBetweenES5Over3AndES5>) as is because of the lack of a client side eval. The current plan is to support SES5/3 directly, rather than porting these scripts to run on ES5/3.

      Like ADsafe, this is all implemented by a lightweight client-side library, with no server-side support need. Minified, the total size of the download comes in under 5k.

      Minified and gzipped that is.

       
      Because it does not parse or transform code, aside from calls to "eval" or the "Function" constructor, the untrusted code runs at full speed and with no code expansion. Due to various transient problems, the safe eval is currently called "eval2" and "eval" remains unsafe.

      Interestingly, this library contains a surprising faithful emulation of WeakMaps on ES5 browsers that don't support WeakMaps directly (<http://code.google.com/p/es-lab/source/browse/trunk/src/ses/WeakMap.js#326>).

      --
          Cheers,
          --MarkM



      --
          Cheers,
          --MarkM
    • Ben Laurie
      ... FWIW, it didn t crash Chrome 5 on Windows. Hard to know if it worked properly, tho! ... -- http://www.apache-ssl.org/ben.html
      Message 2 of 3 , Aug 31, 2010
      • 0 Attachment
        On 30/08/2010 23:12, Mark S. Miller wrote:
        >
        >
        > May crash your browser or page:
        > http://es-lab.googlecode.com/svn/trunk/src/ses/index.html

        FWIW, it didn't crash Chrome 5 on Windows. Hard to know if it worked
        properly, tho!

        >
        > <http://es-lab.googlecode.com/svn/trunk/src/ses/index.html>Sources at
        > http://code.google.com/p/es-lab/source/browse/trunk/src/ses/
        >
        > This has only been lightly tested and should */*not*/* be relied on to
        > have any security properties yet.
        >
        > The claim I working up to is that, on a securable ES5 implementation
        > (<http://code.google.com/p/es-lab/wiki/SecureableES5>), these scripts
        > create an SES environment
        > (<http://code.google.com/p/es-lab/wiki/SecureEcmaScript>) implementing
        > the object-capability security model and solving the safe mashup problem
        > (<http://code.google.com/p/es-lab/wiki/SafeMashups>).
        >
        > Unfortunately, since there is not yet any full browser-based
        > implementations of ES5, the present state of these scripts have various
        > compromises that preserves their functionality but loses security. These
        > are documented in the various files under "KLUDGE SWITCHES". With these
        > kludges, from *extremely* light testing, it seems to work on the latest
        > * Firefox Minefield 4.0b5pre,
        > * Safari WebKit Nightly Version 5.0.1 (5533.17.8, r66356), and
        > * Chromium beta 6.0.490.0 (3135).
        > As soon as I get my VMWare installation fixed, I'll test on the IE9
        > preview as well. Opera 10.61.8429 does not yet implement
        > Object.getOwnPropertyNames, so I can't even test there.
        >
        > This implementation of SES cannot run on ES5/3
        > (<http://code.google.com/p/google-caja/wiki/DifferencesBetweenES5Over3AndES5>)
        > as is because of the lack of a client side eval. The current plan is to
        > support SES5/3 directly, rather than porting these scripts to run on ES5/3.
        >
        > Like ADsafe, this is all implemented by a lightweight client-side
        > library, with no server-side support need. Minified, the total size of
        > the download comes in under 5k. Because it does not parse or transform
        > code, aside from calls to "eval" or the "Function" constructor, the
        > untrusted code runs at full speed and with no code expansion. Due to
        > various transient problems, the safe eval is currently called "eval2"
        > and "eval" remains unsafe.
        >
        > Interestingly, this library contains a surprising faithful emulation of
        > WeakMaps on ES5 browsers that don't support WeakMaps directly
        > (<http://code.google.com/p/es-lab/source/browse/trunk/src/ses/WeakMap.js#326>).
        >
        > --
        > Cheers,
        > --MarkM
        >


        --
        http://www.apache-ssl.org/ben.html http://www.links.org/

        "There is no limit to what a man can do or how far he can go if he
        doesn't mind who gets the credit." - Robert Woodruff
      Your message has been successfully submitted and would be delivered to recipients shortly.