domenic at domenicdenicola.com (2014-10-05T23:37:33.978Z)
On Sun, Sep 28, 2014 at 5:59 AM, Axel Rauschmayer <axel at rauschma.de> wrote: > Out of historical curiosity: was `Function.arguments` ever useful for > anything? It was useful to illustrate some attacks http://research.google.com/pubs/pub37199.html. If we had not successfully prohibited arguments from non-sloppy functions, or if we had not successfully prevented sloppy function from being accessible in SES, then it would have been useful for actual attacks. > Why not simply use `arguments`? Because the attacks relied on obtaining the arguments from a function that was not trying to disclose these arguments.
On Sun, Sep 28, 2014 at 5:59 AM, Axel Rauschmayer <axel at rauschma.de> wrote: > Out of historical curiosity: was `Function.arguments` ever useful for > anything? > It was useful to illustrate some attacks < http://research.google.com/pubs/pub37199.html>. If we had not successfully prohibited arguments from non-sloppy functions, or if we had not successfully prevented sloppy function from being accessible in SES, then it would have been useful for actual attacks. > Why not simply use `arguments`? > Because the attacks relied on obtaining the arguments from a function that was not trying to disclose these arguments. > > On Sep 28, 2014, at 6:51 , John Lenz <concavelenz at gmail.com> wrote: > > I took a look at Google's internal code index for reference to > Function.prototype.arguments and turned up many references to it > (PhpMyAdmin, some Intel benchmark, some internal code, etc). This is only > code used internally at Google (or was at one time) and not by any means > an index of the entire web, but it does use the Closure Compiler and type > information to accurately find references. These are not just simply > references to an "arguments" property but are references to the "arguments" > property off of objects know to be functions. These references roughly > (from my quick perusal), were about 50% were V8 or similar unit tests, 25% > references that could be trivially replaced with a reference to the active > function's "arguments" variable, and 25% were doing something tricky > (Function.caller.arguments, someevent.handler.arguments). > > I'm sure you didn't expect that there would be zero breakage, but I wanted > to give you a heads up that there might be more than you expect. > > > > On Sat, Sep 27, 2014 at 11:38 AM, Oliver Hunt <oliver at apple.com> wrote: > >> Hi all, as a heads up we’re going to be doing an experiment in our tree >> to see if we can kill off the function.arguments property entirely. >> >> We’re super hopeful we can make it go away safely, and we’ll post a >> follow up when we have some actual information about what happens. >> >> If you’re interested in following directly you can track the bug: >> http://webkit.org/b/137167 >> >> —Oliver >> > > -- > Dr. Axel Rauschmayer > axel at rauschma.de > rauschma.de > > > > > _______________________________________________ > es-discuss mailing list > es-discuss at mozilla.org > https://mail.mozilla.org/listinfo/es-discuss > > -- Cheers, --MarkM -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140928/f81b95bd/attachment.html>