Re: [wake-lock] Introduce rate limiting to prevent wake lock abuse (#124) from Reilly Grant via GitHub on 2019-04-08 (public-device-apis-log@w3.org from April 2019)

From: Reilly Grant via GitHub <sysbot+gh@w3.org>
Date: Mon, 08 Apr 2019 15:55:30 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-480891612-1554738929-sysbot+gh@w3.org>

My recollection is that acquiring a wake lock doesn't actually take an appreciable time at an OS level and at a browser level we simply maintain a count of the number of `WakeLock` instances that are active. It is theoretically possible to exploit the slightly longer delay associated with activating an OS level wake lock as a side-channel. This could be mitigated by adding a small delay before resolving the `Promise` returned by `request()`. For all practical purposes the uncertainty introduced by cross-process messaging may be sufficient to avoid the side-channel. This will have to be measured.

-- 
GitHub Notification of comment by reillyeon
Please view or discuss this issue at https://github.com/w3c/wake-lock/issues/124#issuecomment-480891612 using your GitHub account

Received on Monday, 8 April 2019 15:55:31 UTC