- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Tue, 05 Jul 2022 21:17:33 +0000
- To: public-webrtc-logs@w3.org
> If `CropTarget()` is vulnerable to resource exhaustion attacks wouldn't that imply that `CropTarget()` could fail (e.g. due to lack of resources)?

Causality runs the other way: Letting CropTargets fail allows for implementations vulnerable to exhaustion attacks. Not doing so, doesn't.

A sensible implementation should be invulnerable to resource exhaustion attacks, by simply not tying resources to a token so easily created by anyone.

> Moving some or all resource allocation to `CropTo()` could result in the resource allocation arising later (in `CropTo()` instead of `CropTarget()`). So depending on where the resource allocation is done, couldn't either or both of `CropTarget()` and `cropTo()` fail, for similar reasons?

What resource allocation is needed? A sensible `cropTo` implementation can use IPC to find the element it's supposed to crop to without consuming any finite resources. Also, `cropTo` is behind `getDisplayMedia` permission.

Chrome has implemented a neat but premature optimization, and refuses to implement the fallback needed to hide the resource exhaustion they’ve exposed themselves to. I don't find the idea that creating a `{}` crop target will ever take appreciable time convincing.

--
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-region/issues/17#issuecomment-1175507221 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 5 July 2022 21:17:35 UTC