Skip to content

Conversation

@mhofman
Copy link

@mhofman mhofman commented Jul 10, 2024

Fix facy typo

Fix missing return needed by inc example

Some potentially controversial realm/agent changes.

@mhofman mhofman requested a review from kriskowal July 10, 2024 01:34
Hardening JavaScript improves a program’s integrity in the facy of
adversarial code in the same process.
Hardening JavaScript improves a program’s integrity in the face of
adversarial code in the same Realm.
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

technically if adversarial code runs in another non locked down realm of the same process/agent, it could measure timing. Of course the ability run adversarial code in such a realm would need to exist in the first place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.


Hardened JavaScript does not protect the availability of a program.
Any party in the same realm, regardless of compartment isolation, can drop into
Any party in the same agent, regardless of compartment isolation, can drop into
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

again this assumes that there exists multiple realms.

Copy link
Member

@kriskowal kriskowal Jul 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this document’s audience includes folks who aren’t intimate with the term “agent”, can I suggest “process”? I think “agent” and even “worker” suffer a distinction, where the spectre/meltdown mitigation needs a bona fide process boundary and a host could even have multiple “agent clusters” in a single process.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jul 10, 2024

Deploying hardenedjs-org with  Cloudflare Pages  Cloudflare Pages

Latest commit: 90160b6
Status: ✅  Deploy successful!
Preview URL: https://5f6c2658.hardenedjs-org.pages.dev
Branch Preview URL: https://mhofman-update-index.hardenedjs-org.pages.dev

View logs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants