Research how to harden common endowments #1093

Closed
Montoya opened this issue Dec 21, 2022 · 2 comments
Labels
type-research A research task. type-security Related to enforcing our security model.

Comments

@Montoya
Collaborator

Montoya commented Dec 21, 2022

This ticket should focus on finding a way to harden specific endowments, such as endowments that are constructor functions.

One of the suggestions was using Proxies, so that should be one of the starting points for this research.

This ticket will unblock and refine the following tickets:
#1018
#1017

In general, constructor functions are the targets for the hardening and are presented in the table below:

| Endowment | Type |
| --- | --- |
| BigInt | constructor |
| SubtleCrypto | constructor |
| TextDecoder | constructor |
| TextEncoder | constructor |
| URL | constructor |
| Int8Array | constructor |
| Uint8Array | constructor |
| Uint8ClampedArray | constructor |
| Int16Array | constructor |
| Uint16Array | constructor |
| Int32Array | constructor |
| Uint32Array | constructor |
| Float32Array | constructor |
| Float64Array | constructor |
| BigInt64Array | constructor |
| BigUint64Array | constructor |
| DataView | constructor |
| ArrayBuffer | constructor |
| AbortController | constructor |
| AbortSignal | constructor |

@Montoya Montoya added the type-security Related to enforcing our security model. label Dec 21, 2022
@david0xd david0xd changed the title Research using proxies to harden common endowments Research how to harden common endowments Dec 21, 2022
@david0xd david0xd added the type-research A research task. label Dec 21, 2022
@david0xd
Contributor

david0xd commented Jan 4, 2023

After consulting with a Security Team, we identified some approaches to how this should be done.
There are two phases of testing identified:

  1. Trying to make changes to the endowments which should not be possible at all (hardening with the `harden()` SES function).
  2. Searching all objects for `globalThis` references whose exposure to the snap should be prevented.

Several testing approaches are implemented to ensure security.
A further manual, in-detail security audit of the JavaScript intrinsic objects might be required to fully confirm their security, which can possibly be addressed in the two remaining tickets in this epic.
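
The two checks listed in the comment above, written out as an added example (not code from this issue or from the project): a walk over everything reachable from an endowment that reports objects left unfrozen and any path that leads to the global object. `auditEndowment`, `FakeEncoder` and its `defaults` property are hypothetical names, the sample endowment is constructed, and `Object.isFrozen` is used here as a stand-in for verifying the result of SES `harden()`.

```javascript
// Added example, not project code. Walks everything reachable from an endowment
// (own properties, accessors, prototype chain) and reports two things:
//   mutable:    paths to objects that are not frozen (phase 1)
//   globalRefs: paths whose value is the global object (phase 2)
function auditEndowment(root) {
  const paths = new Map([[root, 'endowment']]);
  const queue = [root];
  const report = { mutable: [], globalRefs: [] };
  const visit = (value, path) => {
    if (value === null || (typeof value !== 'object' && typeof value !== 'function')) return;
    if (value === globalThis) { report.globalRefs.push(path); return; } // record, never descend
    if (!paths.has(value)) { paths.set(value, path); queue.push(value); }
  };
  while (queue.length > 0) {
    const obj = queue.shift();
    const base = paths.get(obj);
    if (!Object.isFrozen(obj)) report.mutable.push(base);
    visit(Object.getPrototypeOf(obj), `${base}.[[Prototype]]`);
    for (const key of Reflect.ownKeys(obj)) {
      // Read the descriptor rather than the property so no getter runs during the audit.
      const desc = Reflect.getOwnPropertyDescriptor(obj, key);
      for (const slot of ['value', 'get', 'set']) visit(desc[slot], `${base}.${String(key)}`);
    }
  }
  return report;
}

// Constructed sample (hypothetical): a stand-in constructor endowment that is only
// shallowly frozen and that leaks the global object through a nested static property.
class FakeEncoder {
  encode(text) { return Array.from(text, (ch) => ch.codePointAt(0)); }
}
FakeEncoder.defaults = Object.freeze({ owner: globalThis });
Object.freeze(FakeEncoder.prototype);
Object.freeze(FakeEncoder);

const report = auditEndowment(FakeEncoder);
console.log('global references:', report.globalRefs);
console.log('mutable objects:', report.mutable);
```

In a plain Node.js process the shared intrinsics such as `Function.prototype` also appear under `mutable`, because nothing has frozen them; the `encode` method shows up as well because `Object.freeze` on the prototype is shallow.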

@david0xd
Contributor

Since this is already done and discussed, I will close this ticket.
