[fix] leaky functions and globals #10

merged 1 commit into from Jan 2, 2012


None yet
1 participant

bmeck commented Jan 2, 2012

This should fix the following:

Function constructor attack (use a comm channel instead of naive function).
Leaking global attack (easy Function wrapper).
Type coercion attack (serialize inside the sandbox, though you may want to add a circular dependency serializer inside the sandbox).
Function.caller attack (fixed by strict mode).
Function.arguments attack (fixed by strict mode).
Native prototype attack (fixed by lack of leaks from others, hooking Function.prototype.call from leaked function for example).

I added some basic examples.

bmeck referenced this pull request Jan 2, 2012


Leak + "use strict" #9

@bmeck bmeck added a commit that referenced this pull request Jan 2, 2012

@bmeck bmeck Merge pull request #10 from bmeck/unleak
[fix] leaky functions and globals

@bmeck bmeck merged commit 5dcb4b4 into gf3:master Jan 2, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment