fix: freeze globalThis in coreEval to enforce OCap discipline

refs: #4642, #4352
Agoric · Mar 6, 2022 · 02f401f · 02f401f
1 parent 748616f
commit 02f401f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/packages/vats/src/core/chain-behaviors.js b/packages/vats/src/core/chain-behaviors.js
@@ -80,7 +80,9 @@ export const bridgeCoreEval = async allPowers => {
                 });
 
                 // Evaluate the code in the context of the globals.
-                const behavior = new Compartment(globals).evaluate(code);
+                const compartment = new Compartment(globals);
+                harden(compartment.globalThis);
+                const behavior = compartment.evaluate(code);
                 return behavior(powers);
               }),
             ),