Polkit on Duktape

Miloslav Trmac mitr at redhat.com
Thu Aug 13 08:19:48 PDT 2015


Hello,
2015-08-13 5:28 GMT+02:00 Jasper St. Pierre <jstpierre at mecheye.net>:

> Out of curiosity, what would the threat model be here? How would an
> attacker put bad input into the JS engine to be exploited by a
> ruleset?
>

(The ruleset is assumed to be trusted: usually only root can add rules.
Stupid JS rules are a threat, but not the reason we need a resilient JS
runtime.)

Any local user can call CheckAuthority with arbitrary data and arbitrary
(and arbitrarily large) hash tables, and keep an arbitrary number of
requests in flight / waiting for agent response at the same time. This
gives a fair amount of control over the contents and layout of the JS heap.

I don’t know, perhaps I am too paranoid, and I certainly don’t know enough
about the internals of various JS runtimes. But, well, a 2-year-old project
with one contributor is an entirely different scale from the browser
runtimes.
    Mirek