Re: [whatwg] Handling out of memory issues with getImageData/createImageData from Mark S. Miller on 2015-09-27 (public-whatwg-archive@w3.org from September 2015)

From: Mark S. Miller <erights@google.com>
Date: Sun, 27 Sep 2015 08:31:51 -0700
To: Niels Keurentjes <niels.keurentjes@omines.com>
Cc: Justin Novosad <junov@google.com>, WHAT Working Group <whatwg@whatwg.org>, Mark Miller <erights@gmail.com>
Message-ID: <CABHxS9ggKOAn7URh+qp4b2HG3Rg-3rkxNo97F8GwCthzwXXwkw@mail.gmail.com>

On Sat, Sep 26, 2015 at 3:33 PM, Niels Keurentjes <
niels.keurentjes@omines.com> wrote:

> >
> https://esdiscuss.org/topic/using-max-stack-limit-to-determine-current-js-engine-and-revision#content-7
> > indicates there may be security issues with throwing out-of-memory
> exceptions.
>
> That's hardly worth considering. The technique described there for
> fingerprinting


Please read beyond the title. The important issue is not fingerprinting or
information leakage. It is loss of integrity.



> is interesting from a theorist's perspective, but exposing no data that
> cannot already be more reliably extracted from navigator.userAgent with a
> simple regex.
>
> An out-of-memory in a sandbox is just exposing information about the
> sandbox, and worth nothing therefore if the sandbox version itself isn’t
> already compromised, at which point the user is generally screwed anyway if
> he didn't patch in time. Being able to detect a vulnerability is not a
> prerequisite for exploiting it.
>
> Niels
>
> -----Original Message-----
> From: whatwg [mailto:whatwg-bounces@lists.whatwg.org] On Behalf Of Anne
> van Kesteren
> Sent: zaterdag 26 september 2015 16:35
> To: Justin Novosad <junov@google.com>
> Cc: WHAT Working Group <whatwg@whatwg.org>; Mark Miller <erights@gmail.com
> >
> Subject: Re: [whatwg] Handling out of memory issues with
> getImageData/createImageData
>
> On Fri, Sep 25, 2015 at 4:48 PM, Justin Novosad <junov@google.com> wrote:
> > Currently there is no spec'ed behavior for handling out-of memory issues
> > for the specific case of attempting to allocate a large buffer through
> > image data APIs.
>
> Actually, there is no specified behavior for out-of-memory behavior,
> period. This is a problem that starts with the ECMAScript standard and
> everything that builds upon it.
>
> I have seen Mark Miller discuss some of the issues surrounding this
> and perhaps even the necessity to eventually define it, but so far
> this has not happened. Not sure if the full story is documented
> somewhere. Mark?
>
>
> https://esdiscuss.org/topic/using-max-stack-limit-to-determine-current-js-engine-and-revision#content-7
> indicates there may be security issues with throwing out-of-memory
> exceptions.
>
>
> --
> https://annevankesteren.nl/
>



-- 
    Cheers,
    --MarkM

Received on Sunday, 27 September 2015 15:32:19 UTC