How to permit standard unshared magic powers, like WeakRef or Atomics? #791

Open
michaelfig opened this issue Jun 19, 2021 · 3 comments
Labels:
- confinement: Pertaining to confinement of guest programs.
- design
- kriskowal-review-2024-01: Issues that kriskowal wants to bring to the attention of the team for review as of January, 2024
- permits: Issues pertaining to SES’s permits for properties of shared intrinsics

Comments

@michaelfig
Member

michaelfig commented Jun 19, 2021

[updated by @kriskowal 2024-01-09]

Document how to permit powerful globals like WeakRef or Atomics.


[original by @michaelfig 2021-06-18]

@erights wrote in: Agoric/agoric-sdk#3171 (comment)

Given

Atomics: false, // UNSAFE and suppressed.

it is extremely distressing that you found Atomics in scope. The false in that whitelist entry should have caused that global to be silently removed.

Likewise with

SharedArrayBuffer: false, // UNSAFE and purposely suppressed.

vs your use of SharedArrayBuffer in test-trap.js

Attn @kriskowal

It looks like the whitelisting process doesn't actually censor properties of the globalThis, as documented in https://github.com/endojs/endo/blob/master/packages/ses/src/whitelist-intrinsics.js#L254

Is that by design, or something ominous?

michaelfig added the "confinement" label (Pertaining to confinement of guest programs.) on Jun 19, 2021
@kriskowal
Member

This is by design. SES init and lockdown make these inaccessible from within child compartments but leave them intact in the start compartment as a basis for constructing or delegating powers.

@kriskowal kriskowal removed their assignment Jun 19, 2021
erights added the "permits" label (Issues pertaining to SES’s permits for properties of shared intrinsics) on Jun 25, 2021
@kriskowal
Member

@erights Is this issue valid?

erights changed the title from "Top level globalThis properties are not censored" to "How to whitelist standard but unshared magic powers, like WeakRef or Atomics?" on Jun 30, 2021
@erights
Contributor

erights commented Jun 30, 2021

> @erights Is this issue valid?

I changed the title to reflect the valid remaining concern

erights changed the title from "How to whitelist standard but unshared magic powers, like WeakRef or Atomics?" to "How to whitelist standard unshared magic powers, like WeakRef or Atomics?" on Jun 30, 2021
kriskowal changed the title from "How to whitelist standard unshared magic powers, like WeakRef or Atomics?" to "How to permit standard unshared magic powers, like WeakRef or Atomics?" on Jan 10, 2024
kriskowal added the "kriskowal-review-2024-01" label (Issues that kriskowal wants to bring to the attention of the team for review as of January, 2024) on Jan 10, 2024