[Webkit-unassigned] [Bug 181636] Put some distance between objects from different origins and between objects that have different poisoning rules

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 14 10:07:18 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=181636

--- Comment #2 from Filip Pizlo <fpizlo at apple.com> ---
So, in this world, you'll be able to:

1. Specify that your data structs that you're using to hold all of your dangerous ints and unpoisoned pointers have a HeapCellType with a security token that differs from the security tokens of objects directly reachable by the user.

2. Give each JSGlobalObject its own ThreadLocalCache, give each one its own security token, and then context-switch ThreadLocalCaches when switching origins.
