Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Explicitly harden some shared prototypes #8738

Merged
merged 9 commits into from
Jan 16, 2024
Merged

Explicitly harden some shared prototypes #8738

merged 9 commits into from
Jan 16, 2024

Conversation

mhofman
Copy link
Member

@mhofman mhofman commented Jan 10, 2024

refs: endojs/endo#1939

Description

While investigating endojs/endo#1686 I found out that a few prototypes (mostly generators) are not explicitly hardened, resulting on our reliance on harden transitively hardening the prototype chain.

To avoid these cases of late hardening of shared mutable objects, this PR explicitly hardens all found occurrences.

Security Considerations

More explicit hardening brings more security

Scaling Considerations

None

Documentation Considerations

None

Testing Considerations

These occurrences were found by grep for generators, and testing in #8700 which failed in case of implicit hardening of prototypes through instances. There may be others shared prototypes lurking, but until we have shallow hardening actually implemented, we won't find them all.

Upgrade Considerations

All packages changes were split in separate commits.
Some changes only require a chain software upgrade, some change would require a vat upgrade, and one requires an upgrade of all vats to pick up a liveslots change. However the early harden should have no impact on the outcome of a program, and thus can be included when convenient.

@mhofman mhofman requested review from erights and gibson042 January 10, 2024 01:21
erights
erights approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@erights erights left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aside from my one question, the rest LGTM. Thanks!

@erights
Copy link
Member

erights commented Jan 15, 2024

ping? This seems all ready to merge.

@mhofman mhofman added the automerge:rebase Automatically rebase updates, then merge label Jan 15, 2024
@mhofman mhofman force-pushed the mhofman/explicit-harden branch from d3d8390 to aeaa62b Compare January 15, 2024 23:47
@mergify mergify bot merged commit 6e90d96 into master Jan 16, 2024
66 checks passed
@mergify mergify bot deleted the mhofman/explicit-harden branch January 16, 2024 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erights erights erights approved these changes

@gibson042 gibson042 Awaiting requested review from gibson042

Assignees
No one assigned
Labels
automerge:rebase Automatically rebase updates, then merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mhofman @erights