refactor: Decouple passable stack from lockdown with @endo/harden#2830
Closed
kriskowal wants to merge 8 commits into kriskowal-harden-1686 from
kriskowal (Member, Author) commented:

This is, for now, an abandoned design direction, see #2983
Refs: #2983
Closes: #1686

Description

The change in #2782 introduces `@endo/harden`. This change utilizes it in all applicable Endo packages so that they can run without `lockdown`. This does not completely eliminate a dependency on `ses` because `@endo/errors` entrains a dependency on the global `assert` provided by `ses` or specifically `ses/assert-shim.js`.

Security Considerations

This change should have no consequences for the security model of the relevant packages. We do rely on #2782 to preserve the invariant that `harden` will never be used both before and after `lockdown`, which it does not absolutely prevent but does strongly discourage.

Scaling Considerations

This increases the size of bundles by the weight of the `@endo/harden` module. That could be mitigated with a `-C` bundling condition like `-C sessile` (facetious) or `-C hjs` / `-C hardenedjs`.

Documentation Considerations

Each of the affected packages has a note in its README that it can be used before or after `lockdown`. Currently, they can only be initialized after `lockdown` because of top-level `harden` calls on their module exports.

Testing Considerations

Existing tests cover the post-lockdown case.
`prepare` modules to conditionally lockdown. That might imply generally supporting a `NO_LOCKDOWN` environment variable in `@endo/init` and `@endo/lockdown`.

Compatibility Considerations

Apart from increasing bundle sizes, this change should have no effect on backward compatibility.

Upgrade Considerations

None.
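As an added illustration, not code from `@endo/harden`, `ses`, or this PR, the following JavaScript sketches the invariant the Security Considerations section leans on: a transitive freeze (a toy `harden`) wrapped in a guard that refuses to be used both before and after a lockdown point. `makeHardenGuard`, the `lockdown` stand-in, and `isHardened` are names constructed for this example; the real `ses` `lockdown` repairs and freezes shared intrinsics, which this stand-in deliberately does not touch.

```javascript
// Constructed example: a minimal transitive freeze ("harden") plus a guard for
// the invariant that harden is never used both before and after lockdown.
// Nothing here is the implementation of @endo/harden or ses.

function makeHardenGuard() {
  const hardened = new WeakSet();
  let lockedDown = false;
  let usedBefore = false;
  let usedAfter = false;

  // Transitively freeze root and every object reachable through its own
  // properties (values, getters, setters). Prototype chains are deliberately
  // not walked so this toy cannot freeze the host's shared intrinsics; a real
  // harden does walk them, which is exactly why ordering against lockdown
  // matters.
  const harden = root => {
    if (lockedDown) usedAfter = true;
    else usedBefore = true;
    if (usedBefore && usedAfter) {
      throw new TypeError('harden was used both before and after lockdown');
    }
    const todo = [root];
    while (todo.length > 0) {
      const obj = todo.pop();
      const isObj =
        obj !== null && (typeof obj === 'object' || typeof obj === 'function');
      if (!isObj || hardened.has(obj)) continue;
      Object.freeze(obj);
      hardened.add(obj);
      for (const key of Reflect.ownKeys(obj)) {
        const desc = Object.getOwnPropertyDescriptor(obj, key);
        if ('value' in desc) todo.push(desc.value);
        else todo.push(desc.get, desc.set);
      }
    }
    return root;
  };

  // Stand-in for ses lockdown: only records that the phase has changed.
  const lockdown = () => {
    lockedDown = true;
  };

  const isHardened = obj => hardened.has(obj);

  return { harden, lockdown, isHardened };
}

// Case 1 (what the PR enables): a module hardens its exports after lockdown.
function hardenAfterLockdown() {
  const { harden, lockdown, isHardened } = makeHardenGuard();
  lockdown();
  const api = harden({ greet: name => `hello ${name}`, nested: { x: 1 } });
  return (
    Object.isFrozen(api) && Object.isFrozen(api.nested) && isHardened(api.greet)
  );
}

// Case 2 (the hazard the invariant guards against): a top-level harden at
// import time, before lockdown, followed by another harden after lockdown.
// The guard refuses the second call and reports why.
function hardenAcrossLockdown() {
  const { harden, lockdown } = makeHardenGuard();
  harden({ a: 1 }); // import-time harden, before lockdown
  lockdown();
  try {
    harden({ b: 2 });
    return 'allowed';
  } catch (err) {
    return err.message;
  }
}
```

The guard only detects the mixed-phase pattern at the second call, which mirrors the description's point that the real package discourages rather than prevents it: once something has already been hardened before lockdown, the damage to intrinsics (in a real harden) is already done, so the useful mitigation is to keep every top-level `harden` of module exports until after `lockdown`, or to use a `harden` that is safe in both phases.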