From YouTube: SES Meeting: Secure Mode

Description

Santiago Díaz discusses Google's proposal for mitigating data-only prototype pollution attacks.

In this meeting, Mark asked Santiago to use responsible disclosure for a possible case where Object.freeze does not maintain its invariants. Out-of-band, that investigation revealed a coding pattern that works as designed and does not violate any invariants: it is possible to overshadow a non-writable property up the prototype chain using definition semantics, but not assignment semantics. The frozen prototype does not change.
Kris “cowbert” Kowal: You don't say. Today is May 24. This is the SES meeting. This is a special one. We have been planning to meet up with Santiago Díaz of Google to discuss the proposal for prototype pollution, which has a high overlap with what we're working on with lockdown. And Santiago, please take it away.
Santiago: I am not a TC39 delegate. I have experience working on web standards, in particular with Trusted Types and CSP at Google. We do a lot of work to prevent XSS, and that's how we get to pollution in the first place, because, you know, in the web platform, pollution is a big source of XSS.
Santiago: But I am still sort of finding my bearings in the way that TC39 works overall, and I have one observation in particular that I want to share with all of you, and it is that I feel like, well, there are a lot of delegates that, you know, have opinions and of course experience in dealing with proposals. I have felt like not very many delegates actually interact with
Santiago: the proposal itself, right, in terms of having a conversation like we're having right now, or opening issues on the GitHub repository, and so on and so forth. I'm a little bit afraid that there isn't enough of a feedback loop to make significant progress on the proposal, and that's one of the reasons why we're here today: to sort of get your perception on, you know, and compare it with ours,
Santiago: and try to figure out exactly, you know, where we are on the same page and where our interests overlap, right. So I'll say that much, and, you know, hopefully, if you see at any point that I am, you know, there is some information that you can give me about how TC39 works, or some of the other efforts that align with what we're proposing, I think that will be super useful feedback for me too.
Santiago: Okay, so here is a list of high-level points that I extracted from the conversation that you had previously. I think there was a little bit of this question about what is the threat model exactly for this proposal. This is a bit of a grey area, and I'm going to try to share with you where we're coming from, like, why this is the threat model that we think is, you know, worth addressing, because you would make a significant security improvement on JavaScript overall.
Santiago: Fixing prototype pollution can be done at a few different sort of levels on the stack. So we considered things like Document Policy, which is another spec, Trusted Types, doing an extension to JavaScript, and I think they all have pros and cons, but we really decided to, you know, try our best with doing a, you know, proposing a direct change to JavaScript, because that seems like the best place where we can fix this class of issues.
Santiago: And then the last one is basically a few alternatives, and this is mostly an update of what's been going on in our conversations with other TC39 delegates, on whether this particular proposal seems doable, seems, you know, where the complexities come from, and so on and so forth. So there are a couple of alternative options that I think would be worth discussing, and maybe some of them have to do with, you know, have a good overlap with the conversations that SES folks have been having in the past.
Santiago: This is the minimal code sample that you need to introduce a prototype pollution vulnerability. The idea here is that key 1 and key 2 are controlled by the attacker. So if key 1 is __proto__, an object inherits from the Object prototype, then now you're standing on the Object prototype, and you can make changes to it, right? Add new properties or override existing properties.
Santiago: So this is really important, because you're not really using any APIs, you're not making any special changes to the runtime. This is just pure, naked JavaScript, and, you know, it seems like a very, let's say, raw example to yield such a powerful exploit, right? Or such a powerful vulnerability.
Santiago: Well, we can talk about that later, but they are not really... They don't protect against the full spectrum of pollution. Here is a particular example that is a vulnerability that got reported to Google against the Sanitizer API. You might have heard about it. This is something that browsers are working on at the moment.
Santiago: And the verdict for this bug was "won't fix", and this is intended behavior, right? And this is arguably correct, because the Sanitizer API is really not doing anything wrong. There's only so much that it can do to stop this, and really, what's going on here is, you have a tainted runtime. The
Santiago: kind of underlying assumptions that the Sanitizer API logic has have been broken, and therefore there is a bug, right? But who's at fault here? Well, it's not really the browser, it's not only the Sanitizer API, and I hope that this exemplifies a little bit, you know, why we think there is really not much the browsers can do to fix this, right.
Santiago: The second one is that we're assuming a scenario where the attacker has no arbitrary JavaScript execution. If there is arbitrary code execution, that's more or less game over in this threat model, right? Here we're talking about a data-only attack where there's no inclusion of external scripts, there are no calls to eval, that kind of more traditional security vulnerabilities.
Santiago: I think this is an important point, because we will see a couple of examples of bugs that people tend to call prototype pollution. But in this proposal, I mean the threat model that we're building, those would not be considered under that category.
Santiago: One of these examples, you know, these two lines are used in some public blog posts to explain prototype pollution, where you basically taint the Object prototype to include a body with some arbitrary value, and then you call fetch, and that fetch makes a POST request, but that POST actually has a body, right?
Santiago: So this is a way in which people say prototype pollution can exfiltrate data, and so on and so forth, but this really doesn't fall under the prototype pollution description, simply because it's not a data-only attack. You already have JavaScript execution by the point you, you know, managed to do this.
Santiago: And if you had arbitrary code execution, you wouldn't need the fetch call in the first place, because you could, you know, chain together references to other APIs and exfiltrate data in a million other ways. So really, fetch is a distraction in terms of what tainting the runtime is doing here for you.
Mark S. Miller (Agoric): So I think our perspective has been that prototype pollution is a subset of data-only attacks, which do include other techniques, but just the reason I'm logging the complaint is that prototype pollution has been used historically without the data-only restriction. So, you know, I think that the category of attack you're defining is certainly
Santiago: and notice the vulnerability itself, right? The prototype pollution I'm talking about here is one that leads to code execution. So once you already have code execution, it seems like you have bigger problems than that of, like, prototypes being immutable, or you being able to build your machines by modifying prototypes.
Santiago: Okay, so maybe we can... I agree. Maybe we can move on, you know, using this terminology. I don't think we need to stick to it. So if at any point you have any comments about, you know, things that wouldn't fit this threat model but that would include the sort of untrusted code bits, I think that would be useful to, you know, to talk about as well. So, you know, I think we can be flexible and play it by ear here, I suppose.
Santiago: There is a single receiver in the statement that we have at the top of this slide, but that receiver has a very wide blast impact radius, right? Because it can affect so many other objects at runtime, and to some extent the impact of a prototype pollution exploit is a direct function of how many
Santiago: It's entirely two different classes of vulnerabilities, in the sense that one gives you a lot more versatility and a lot more, you know, exploit primitives than the other, right? And some of the solutions that we're gonna discuss are geared towards protecting the built-in prototypes, and some others will be geared towards protecting the entire prototype chain, right? And I think this is something that we tend to conflate in our conversations.

Santiago: So by talking about a spooky action at a distance, I'm trying to generalize this idea that we really need to protect the entire chain to stop the class of bugs from happening. It may be that the solutions that we have for that are not super practical, and we might have to bite the bullet and protect only built-in prototypes, but that should be a decision that we're conscious about, and that we make, let's say, willfully, right?
Santiago: Yes, and then the last idea that I want to put forward is this concept of the surprise factor, right? Of course, developers rely on mutable prototypes, and they are expecting, perhaps, them to be there to do their job, but it seems unreasonable for a developer to expect that this statement that we're looking at
Santiago: Whereas if I write the statement that we have on the screen, that intent is not there, right? With the exception of some very specialized code that maybe does reflection or deals with dynamic objects, I think we hopefully can agree that the vast majority of code bases out there will not have this kind of code, and so, you know, I guess we're trying to solve for the vast majority.
Santiago: Yeah, I think maybe "mutable" is a little misleading here, but the idea that the chain of prototypes is mutable, and that the prototypes are there for you to add properties that are going to be inherited, and you might choose at different points in the runtime's life cycle when to add those properties, is something that developers rely on, right. It's sort of the expected behavior of the prototype chain.
Santiago: So this is a super important question, one that I hope we can talk more about, because I think developers expect that they will stay mutable, but it seems like the vast majority of code bases don't actually make use of that fact, right? So to them it seems irrelevant whether it stays mutable or not, and it feels like that is something that we will exploit to fix this class of vulnerabilities.
Santiago: You know, they will determine whether we make that compromise or not. One example that I have is we've seen a lot of developer tools that do, for example, hot swapping. So you make a change to your JavaScript code, and that change is automatically hot-swapped in your browser, so you can see, you know, the effects of your change, right?
Santiago: As far as we can tell, this is used mostly in a development environment, where you don't really go into production with it. There have been some really niche cases, as I said before, of applications that do very specialized reflection, or, you know, things like that. They seem like edge cases, and I think the answer that I would give to the question today is, you know, they are in the realm of development and not in production.
Mark S. Miller (Agoric): When we... So if we have encountered any failures by modifying built-in prototypes, it's certainly been very rare compared to failures with the override mistake, and even with failures with the override mistake, what we find is that the vast majority of code that we've tried, a tremendous amount of code that we've tried...
Santiago: What we've noticed is that there's a spectrum. If we freeze only the Object prototype, we find almost no breakages whatsoever, because not a lot of code seems to rely on the Object prototype for, like, you know, adding sort of global state, I'm gonna call it, on the global prototype for everybody to access. But the more prototypes we add to that list of frozen, you know, prototypes...
Santiago: So once we get into the more, you know, weird edge cases of like the regular expression prototype, the Error prototype, and even in some cases the Array prototype, basically, the more we add to it, the more we see failures. So I think it will be... Are you distinguishing modifications versus the override mistake?
Santiago: So if we freeze only the Object prototype, we don't see any failures on that application, but if we do the Object prototype and the Array prototype, that application will fail. And so the more prototypes you freeze, the more likely you are, it seems, to find a failure, and that is distinct from the override mistake, right? So I think it will be interesting to know.
Santiago: Yeah, so okay. So let's talk a little bit more about the override mistake. I think that's a... I really would say, and, you know, what we mean by deployable security. I think there might be a few gaps here between the language design that you folks do at Hardened JS and TC39, and the kind of security features that we have designed with browser vendors outside of JavaScript. So I think it would be interesting to see exactly what that gap is.
Santiago: This is our idea of an ideal solution. The first thing that I want to call out here is that it should be opinionated. We think that it is very likely that freeze or other such APIs might not see huge numbers in terms of adoption, because they really require the developer to know, to be an expert in the problem space, right?
Santiago: And even when you try to think about the problem of, okay, let's say that a developer really understands freeze, and that the override mistake doesn't exist. They want to protect as much as they can, so they really have to go for all the built-in prototypes, and now they have to gather a list of application-defined prototypes, and they have to call freeze on each one of them. That is a significant amount of work that they need to do to make this happen, and this needs to happen for every application, right?
Santiago: There are a couple of other of these. I think maybe it's not worth going in detail about all of them, but basically we're trying to aim for a solution that you can just deploy with minimal or no changes, and I think there are some advances in that direction, some progress in that direction, but we're not really quite there yet.
Santiago: At the moment, I think, you know, let's talk about effectiveness in a second. It is part of what we were talking about before, right, like depending on your threat model, you will think that a solution is more or less effective, right? So maybe the solution that we're proposing here, which is only for data-only prototype pollution attacks, will work in that bubble, but maybe not in the case where you have untrusted JavaScript, right.
Santiago: And then, finally, there is some weirdness currently with sloppy mode and strict mode, in the sense that if you freeze things in sloppy mode, you really won't realize that your assignments didn't take place, because there are silent errors, and that has been very bad for developer experience and, you know, for seeing these APIs being adopted more widely at Google. Certainly, we have decided not to go with some of these options because
Santiago: overlap them with what freezing looks like nowadays. So I just talked about freezing not being opinionated, and that being a blocker for adoption. I guess we can go beyond that. Currently, the override mistake is, of course, probably the most important issue that freezing has, apart from a few different issues. I think we have already touched on a couple of them.
Santiago: in, you know, two, three months after implementing this, because the freezing point moved. And so, you know, combine that with the debugging experience of sloppy mode and strict mode and the override mistake, it really doesn't make freezing that appealing to a developer who just wants to focus on writing their code without worrying about all this weirdness with prototype pollution.
Santiago: get a reference to that object and to that secret and read them, right? You don't actually make any changes to the runtime. You don't taint the runtime, but you use the, like, the surprise factor or bracket notation to get a reference to other objects and read their secrets. So that is a very rare type of attack. We've seen maybe a couple of examples of this in the wild.
Santiago: I don't know if those attacks are worth, let's say, a deal breaker in terms of the solutions that we're discussing, but it's important to bear them in mind. And there has been one case only of this attack that we're calling function swapping, which is quite interesting, actually.
Santiago: They use bracket notation, of these sort of gadgets that lead to prototype pollution, to take the includes on arrays and assign it to the includes on strings, right? So that means that the logic for includes changes, and you can sort of turn the application logic onto itself by using that trick, right? So you're not actually tainting anything, you're not adding any properties or changing existing ones, you're just sort of swapping functions around.
Santiago: And, you know, taking some advantage from that. Again, this is extremely rare. It, like, the stars need to be aligned. I don't think this is a deal breaker, but I thought this was probably a good couple of examples of the types of attack that will be left behind, you know, if we decide to improve freezing, or have a super-frozen mode, or something like that. So.
Santiago: done on a prototype-by-prototype basis, and that developer needs to know what prototypes are worth freezing, and how to freeze them, and when to freeze them. So in the status quo, it is very likely that many applications, as we've seen them, freeze the Object prototype but don't freeze anything else, and these attacks still happen even on applications that consider themselves hardened by
Santiago: But we go back again to the argument that, in order for that to happen, the developer really needs to know what prototypes to freeze in the first place, right? As long as you leave this responsibility to the developer, where they might freeze the Object prototype but not anything else, you have this possibility open, which is that secrets are going to be put in prototypes that are not the Object prototype, right? Okay? Good, good. So... So I understand both of these. Thank you.
Santiago: Excellent. So I think perhaps the most important part about freezing objects in 2023 is that the override mistake is actually a bypass to freeze, right. There are situations that we've seen in the wild where, as I said before, an application, for some of its prototypes, and, you know, though the
Santiago: but doesn't otherwise enable attack. So you talk about the attack being to induce a thrown exception to prevent progress. No, no, this is... This is exactly... It might have been good to add an example here, but there are certain constructs that will allow you to set properties on frozen prototypes, even if, yeah, even if they're frozen.
Santiago: And now in the child class, you get two distinct behaviors. If you try to set that property in the constructor, or if you try to, or if you set the property to null outside of the constructor and then set a value in the constructor. That is a specific case that we've seen where, if you do the second thing that I described, which is setting it to null outside of the constructor and then setting it in the constructor...
Santiago: I will definitely prepare an example, maybe add it to the notes after this meeting is over, and, you know, maybe we can follow up on that. There might be an implementation bug, or maybe this is, you know, the bypass is not as complete as I'm describing it here. So I think it's definitely a data point that we need to collect, right.
Santiago: he said completely, let's say the run-of-the-mill creation of a child class that simply sets a property in the constructor and doesn't do anything special on it. Okay. So one thing that is likely to occur from this investigation, I am also interested in seeing that exact example. But it sounds to me like it's not a prototype pollution but an instance pollution that is possible because of subclassing. Does that sound like a good characterization?
Santiago: Yeah.

Santiago: Yes, maybe something that we can... It is also related to fixing the... So I guess, you know, regardless of whether the bypass is full, or maybe I can imagine that it could be a situation where the assignment actually doesn't throw, but it is also not effective.
Mathieu Hofman: I have a general observation regarding freezing objects. I think, in general, on our side, when we talk about freezing the intrinsics, we wouldn't, we would not ever, like, recommend just freezing Object.prototype without freezing every intrinsic that exists in the environment.
Kris “cowbert” Kowal: Let's, let's run to the end, because there's a possibility, there's a very strong possibility, that the attacks that Santiago is seeking to prevent are in a different category than the ones that fit within the object capability model, and we're low on time for slides. So I'm eager to see us run to the end of the presentation. If we have to continue next time, that would be...
Santiago: So the original proposal, and the way that it was explained in TC39, discusses this concept of a secure mode, right, and this has been the source of much confusion. There is a note on the proposal that talks about how the words "secure mode" are really misleading, first, because it's not entirely, like, it's not clear, secure against what.
Santiago: sloppy mode or strict mode, and simply a feature, right, which is a feature of, like, let's call it a super-frozen feature. Naming is hard, and, you know, we called it mode. And I think one of the things that you've discussed is that there are other problems that are discussing, maybe TC39, maybe Hardened JS.
Santiago: So for this proposal, and for this class of attacks, our intention was not to introduce a new mode. I have been in close contact with the V8 team and talked about the complexities of different implementations, and since I, you know, read the transcript for your previous conversations, I brought this to them, and I think the general consensus is that implementing a new mode carries huge engineering cost and complexity, right?
Santiago: There may be a different case to be made about different classes of problems that can be solved by introducing a new mode, and maybe current technology can benefit from that. But when we compare the solutions that we have for this particular problem with the cost of implementing a new mode to solve that problem, that doesn't seem like a good trade-off. That is not a good balance in terms of, you know, implementation cost.
Santiago: Instead of talking about a mode, we should change the proposal, and I was gonna do this today, but I wanted to talk to you all before, for the sake of transparency. What we really want to talk about is feature flags, and how can you, when you introduce a change that is not backward compatible, how do you introduce a knob that allows the developer to say, "I want to opt into this," right?
Santiago: We looked into different ideas, maybe using a directive, maybe using, you know, there's a few different ideas written on the proposal, and I think we've landed on the idea that an out-of-band flag is the right way to do this, and this, be it a header or a command-line argument depending on where you are executing, seems like the best way of doing it.
Santiago: In terms of using, of pushing for a secure mode to solve for definition, I don't think that's a... a big hammer to solve a small problem, to put it that way, and I really wanted to be explicit about this, because I think there's been some confusion there, that, you know, what we have been proposing is the introduction of that secure mode.
Santiago: Yeah, I don't know if there are any comments about that, but beyond that, the last slide that I have... oh, this one, sorry about that. The last slide that I have is this, which is basically just a comparison of the proposals that we have at the moment and what's going on with them. This is basically a mini update of what's been going on since our conversation back in February or March to today.
Mathieu Hofman: in order to get a working exploit. So I'm raising this because, for example, we have an encoding on our side that allows expressing a well-known symbol, that encodes a well-known symbol as a string. So if you parse that, all of a sudden you get back to the case where you can walk prototypes and descriptors through symbols.
Mathieu Hofman: I see, that's a very good point. If I could get any references to... I don't know if you're talking about a hypothetical future proposal or something that is actually happening. I mean, it's an application, and it's an application level of data. So it is just that we support encoding well-known symbols as strings.
Santiago: There is a proposal that Kevin has, that is sort of a, you know, a variant of this, and I think he's talked about this in other contexts as well, which is to exotically reject new properties on set, which is just a way to bypass the override mistake, right? It's kind of implementing what the
Santiago: If we didn't have the override mistake, this is the world we would live in. It has some of the same problems of freezing, but it is decidedly a good option that we can use. It doesn't solve all the problems that the original proposal aims to solve, but it is something that we can definitely consider.
Santiago: might have misleading results, because I believe there was some piece of code in Lodash that triggered some metrics and that inflated artificially the results of the experiment. I'm not entirely sure what's going on there, but I think there is no canonical answer to how common the override mistake is in the wild.
Mark S. Miller (Agoric): If you fixed the override mistake, what code would fail as a result of fixing the override mistake? It's sort of, it's even the opposite. It means that for the code that I was talking about, if there was no override mistake, or if the override mistake were fixed, then those failures would not have happened. That code would have continued to work.
Santiago: whether the override mistake can be fixed, how it should be fixed, and whether that will, you know, break a large number of code bases or not. So I put this at the bottom because it seems like this might be sort of a problem, a solution to a subset of problems that doesn't actually solve prototype pollution as a whole.
Kris “cowbert” Kowal: It sounds like there is a great deal of common ground, regardless of whether you go all the way on any particular approach. It sounds like we want to come up with a solution that shares some common rails at the very least, because there are obviously graduated levels of opt-in that might be necessary.
Kris “cowbert” Kowal: You know, excellent!

Mark S. Miller (Agoric): Let me toss in one possibility, for free, for you to think about, which is, since you're talking about feature flags for opting into a change in behavior, even if there is some code out there that would break if you fix the override mistake...
Santiago: It probably means that fixing the override mistake could not scale. It would not apply to, you know, the majority of code bases, but I think if it comes to the realization that we cannot implement a proposal that fixes all of the variants of prototype pollution, then we should only be fixing the most common variants, which are those where you attack the built-in prototypes or a subset of them.
Kris “cowbert” Kowal: if necessary.

Santiago: I would, I would like to, with that comment, and, you know, I don't want to hold you back anymore, but with that comment I will... I want to leave you all with also sort of an open-ended question, I mean, whether you would be in favor of creating some kind of construct that allows us to have a more opinionated way of freezing.
Kris “cowbert” Kowal: our position at the moment.

Kris “cowbert” Kowal: And, of course, I want to make sure that we're open to having a broader conversation about what we can do going forward that might embrace other needs. But what we do at the moment with SES and other SES-like environments, Hardened JavaScript if you will, is that we transitively freeze.
Kris “cowbert” Kowal: So that's Array, Object, etc. Anything that we are willing to give a guest program is frozen, and anything else is open-ended, and it's up to the application author to advance the line of what is frozen. It's also the responsibility of a library author to harden their own libraries, if the objects that are shared by that library are passed between mutually suspicious parties. That is to say, it isn't...
Kris “cowbert” Kowal: It isn't a silver bullet. It's a concern that the application author has to carry with them, but there are also, like, gradients. Also within our model, there are graduated levels of concern, but there's a lot that can be, a lot can be addressed by running third-party dependencies, for example.
Mathieu Hofman: So that's what Chip mentioned. If you define the class, or you export a function, at the place where you define it or export it, or whatever, you've hardened it as well, and even for instances... The best practice is to harden instances as well, because in general we keep state not as properties of the instance itself.
Chip Morningstar: Harden everything by default, and then selectively make decisions about what things are not going to be hardened, as opposed to the problem that you were talking about at the beginning, which is, you know, how does the developer decide which things to freeze, you know, because obviously you could just miss something, but...
Chip Morningstar: Since most of the time, having something be frozen or not, the code that interacts with it is indifferent to that. So having the baseline be "everything is hardened," and then being more selective about what you ease up on, turns out there's way fewer decisions you have to make when you're working in that mode.
Mathieu Hofman: Which?

Kris “cowbert” Kowal: Well, in any case, there is a ladder, and at the base of that, it would be nice to help people at the base of the ladder, as well as the people who, by necessity, have to go to the top of the ladder in order to run arbitrary guest code inside of their application, which is not what...
Santiago: Yeah, on the note of supply chain attacks, there is, I think, you know, there's places where we haven't been able to freeze the runtime, because some third-party library... you know, your code is well behaved, but the libraries that you use are not, and there's only so much control you have as a developer, right? Not everybody is gonna create a pull request on the library's GitHub page. So yes, those are all kind of blockers for adoption.