Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shared Symbol intrinsic #1577

Closed
kriskowal opened this issue May 4, 2023 · 1 comment · Fixed by #1579
Closed

Shared Symbol intrinsic #1577

kriskowal opened this issue May 4, 2023 · 1 comment · Fixed by #1579

Comments

@kriskowal
Copy link
Member

Currently, Compartments share globalThis.Symbol with the start compartment, the realm global environment. Consequently, if the host has any symbols that are not recognized by SES’s permits, Lockdown will fail.

We should instead create a separate Symbol shared intrinsic, like the repaired Function or Date, that shares the global prototype of Symbol, disables the shared prototype constructor, and only includes the symbols that SES will permit in shared compartments.
@erights
Copy link
Contributor

erights commented May 4, 2023

Clarification: The reason why lockdown will fail is because these well-known-symbol properties are non-configurable. Otherwise our whitelist mechanism would safety remove them.

This was referenced May 4, 2023
Merged
Merged
@mhofman mhofman mentioned this issue May 26, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ses): tame Symbol so whitelist works endojs/endo
2 participants
@kriskowal @erights