View Issue Details

ID: 0012660
Project: MMW 5
Category: General
View Status: public
Last Update: 2022-04-21 22:37
Reporter: jiri
Assigned To:
Priority: high
Severity: minor
Reproducibility: N/A
Status: feedback
Resolution: open
Summary: 0012660: Sandboxing
Description: Since the MM API will expose features that could be exploited for dangerous operations (e.g. filesystem access), it would be useful to consider sandboxing options, at least for some features. Currently all scripts use the 'app' object to access the MM API; this would require a token to be delivered to scripts on their start (e.g. a random number), later used to access some features, e.g. app.secure(token).filesystem.delete(xxx).

Note that the core JS code (our own) would probably need some randomization, in order to not let scripts use its token. E.g. all source JS files could access the secure object as app.secure_default.xxx, and the string 'app.secure_default' would be replaced in all JS files with some randomized version (like app.secure_GAJGNSCNAZX).

Note that some tricks might be needed in order to properly hide our secure object, e.g. to overwrite Function.prototype.toString and to make our secure object non-enumerable.

Currently, just some ideas for further thoughts...
Tags: No tags attached.
Fixed in build:

Activities

There are no notes attached to this issue.