POLA Would Have Prevented the Event-Stream Incident
9 views
Skip to first unread message
Mark Miller
Dec 3, 2018, 5:36:06 PM12/3/18
to Discussion of E and other capability languages, cap-...@googlegroups.com, Google Caja Discuss
The npm / event-stream incident is the perfect teaching moment for POLA (Principle of Least Authority), and for the need to support least authority for JavaScript libraries.
Securing EcmaScript, presentation to Node Security
https://www.youtube.com/watch?v=9Snbss_tawI&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 is my presentation explaining many of these issues *prior to* this particular incident.
--
https://medium.com/agoric/pola-would-have-prevented-the-event-stream-incident-45653ecbda99 by Kate Sills (cc'ed) explains the point. The SES system Kate refers to is https://github.com/Agoric/SES , a reconstruction of the essence of the SES in Caja, redone for modern JavaScript. The other links at the end of Kate's article are also worth following. In particular:
Securing EcmaScript, presentation to Node Security
https://www.youtube.com/watch?v=9Snbss_tawI&list=PLKr-mvz8uvUgybLg53lgXSeLOp4BiwvB2 is my presentation explaining many of these issues *prior to* this particular incident.
At the recent (November 2018) tc39 meeting, I presented on the enhancements needed to support least authority for JavaScript modules and libraries, adequate to have prevented this incident.
Besides es-discuss
would be a good place to discuss these issues.
Cheers,
--MarkM
--MarkM
Neil Madden
Dec 4, 2018, 9:13:32 AM12/4/18
to e-l...@googlegroups.com, cap-...@googlegroups.com, Google Caja Discuss
A critical vulnerability has just been announced in Kubernetes (https://github.com/kubernetes/kubernetes/issues/71411) that also appears to be a confused deputy. I probably won’t have time myself, but a write-up of this issue would be another good POLA teaching opportunity in my opinion (e.g., use of capabilities/macaroons vs TLS client authentication to convey authority through a complex distributed system).
— Neil
> --
> You received this message because you are subscribed to the Google Groups "e-lang" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to e-lang+un...@googlegroups.com.
> To post to this group, send email to e-l...@googlegroups.com.
> Visit this group at https://groups.google.com/group/e-lang.
> To view this discussion on the web visit https://groups.google.com/d/msgid/e-lang/CAK5yZYjvAhd%2BWeDxEqmt5OV%2B6YNNzn0WKJKPEsO6gO2rXyehPw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
— Neil
> You received this message because you are subscribed to the Google Groups "e-lang" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to e-lang+un...@googlegroups.com.
> To post to this group, send email to e-l...@googlegroups.com.
> Visit this group at https://groups.google.com/group/e-lang.
> To view this discussion on the web visit https://groups.google.com/d/msgid/e-lang/CAK5yZYjvAhd%2BWeDxEqmt5OV%2B6YNNzn0WKJKPEsO6gO2rXyehPw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages