Odd, unexpected behavior from globalThis

28 views
Skip to first unread message

Thomas Greco

unread,
Sep 13, 2023, 1:00:01 AM9/13/23
to SES-strategy
Note: I was initially posting this as an issue in the endo repo, but for security concerns, I thought it was best to post here.

I was preparing some educational content on the topic of ses and, more generally, writing defensively consistent programs when I came across some behavior that I was surprised to see.

The behavior:  When `globalThis` is passed into `Object.isFrozen`, it returns false.

I had been under the impression that, once lockdown is invoked, `globalThis` along with any JavaScript primordials, will be made immutable. I still believe this is expected behavior. Text passages such as the one below uphold this claim as well, so opening this issue to get some clarity on the matter.

https://github.com/endojs/endo/blob/f891df0cb180d2296ae9f671af10fcdc8b24b209/packages/ses/docs/reference.md?plain=1#L85-L93

I've created a gist linked below containing a test file showing this. I was executing this within endo/packages/ses/test; however, I initially came across this problem in a directory outside of endo.


Thomas Greco

Jordan Harband

unread,
Sep 13, 2023, 2:20:00 AM9/13/23
to Thomas Greco, SES-strategy
In which engine? In node, freezing `globalThis` and then `Object.isFrozen(globalThis)` returns true. In Safari and Chrome, Object.freeze(globalThis) throws. I assume it does the same thing in Firefox.

In browsers, any new HTML element with an ID that doesn't already exist as a global will become one; as such, I assume the global is exotic in browsers and simply can't be frozen.

--
You received this message because you are subscribed to the Google Groups "SES-strategy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ses-strategy...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ses-strategy/385a7a0a-cffa-42ae-8860-98f2ece22750n%40googlegroups.com.

Thomas Greco

unread,
Sep 13, 2023, 11:55:37 AM9/13/23
to SES-strategy
This occurs while using node v18.17.0.

I've taken a recording showing the behaviors that I've added here. Please let me know if it's inaccessible for anyone. 


Thomas Greco

Dan Connolly

unread,
Sep 13, 2023, 7:03:23 PM9/13/23
to Thomas Greco, SES-strategy
On Wed, Sep 13, 2023 at 12:00 AM Thomas Greco <t...@lari.finance> wrote:
The behavior:  When `globalThis` is passed into `Object.isFrozen`, it returns false.

That's as-designed, as noted in Hardened JavaScript | Documentation:

You can create a new Compartment object. When you do, you can decide whether to enforce OCap discipline by calling harden(compartment.globalThis) or not. If not, beware that all objects in the compartment have authority to communicate with all other objects via properties of globalThis.

--
Dan

Dan Connolly

unread,
Sep 13, 2023, 7:09:30 PM9/13/23
to Thomas Greco, SES-strategy
ah. you do point out some docs that need fixing


--
Dan

Reply all
Reply to author
Forward
0 new messages