Created attachment 447852
WIP 1 - don't expect too much

The most important thing to read is https://developer.mozilla.org/en/XPConnect_security_membranes which is kind of a hopeful fiction, partly describing the current state of play and partly describing where I think we want to be.

Or just read this fragment of code (attached). Unfortunately it's pre-proxy and overengineered-- the Membrane class is unnecessary. Now that I know what I want, it needs to just be a single AbstractWrapper class with a few pure virtual methods called, say,

    wrap(obj)
    rewrap(obj)
    checkAccess(obj, id)
    doGetProperty(...)
    doSetProperty(...)
    doCall(...)
    doConstruct(...)
    ...

But the guts of jsmembrane.cpp is worth looking at.
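The wrapper shape listed in the comment above, sketched as an added example on top of ES `Proxy`; this is not the attachment's C++ and not Mozilla's code. Only `wrap`, `checkAccess`, `doGetProperty`, `doSetProperty` and `doCall` are names from the comment; `unwrap`, `guard`, `AllowListWrapper`, `demo` and the allow-list policy are assumptions made for illustration.

```javascript
// Added example. wrap/checkAccess/doGetProperty/doSetProperty/doCall are named
// after the comment's list; unwrap, guard and the allow-list policy are assumed.
class AbstractWrapper {
  constructor() {
    this.wetToDry = new WeakMap(); // real object -> its single wrapper
    this.dryToWet = new WeakMap(); // wrapper -> real object
  }
  checkAccess(obj, id) { throw new Error('pure virtual'); } // policy hook
  wrap(obj) {
    if (Object(obj) !== obj || this.dryToWet.has(obj)) return obj; // primitive or wrapper
    let dry = this.wetToDry.get(obj);
    if (!dry) {
      dry = new Proxy(obj, {
        get: (t, id) => this.doGetProperty(t, id),
        set: (t, id, v) => this.doSetProperty(t, id, v),
        apply: (t, self, args) => this.doCall(t, self, args),
      });
      this.wetToDry.set(obj, dry);
      this.dryToWet.set(dry, obj);
    }
    return dry;
  }
  unwrap(v) { return this.dryToWet.has(v) ? this.dryToWet.get(v) : v; } // inward values
  guard(t, id) { if (!this.checkAccess(t, id)) throw new TypeError(`denied: ${String(id)}`); }
  doGetProperty(t, id) { this.guard(t, id); return this.wrap(Reflect.get(t, id)); }
  doSetProperty(t, id, v) { this.guard(t, id); return Reflect.set(t, id, this.unwrap(v)); }
  doCall(t, self, args) {
    return this.wrap(Reflect.apply(t, this.unwrap(self), args.map(a => this.unwrap(a))));
  }
}
// Constructed policy: property allow-list, everything else denied.
class AllowListWrapper extends AbstractWrapper {
  constructor(allowed) { super(); this.allowed = new Set(allowed); }
  checkAccess(obj, id) { return this.allowed.has(id); }
}
// Constructed object graph standing in for the privileged side.
function demo() {
  const child = { label: 'inner', secret: 's3' };
  const priv = { child, secret: 's1', getChild() { return child; } };
  const dry = new AllowListWrapper(['child', 'label', 'getChild']).wrap(priv);
  const denied = f => { try { f(); return false; } catch (e) { return e instanceof TypeError; } };
  return {
    topDenied: denied(() => dry.secret),
    nestedDenied: denied(() => dry.child.secret),
    label: dry.child.label,
    sameIdentity: dry.child === dry.getChild(), // one wrapper per object
    leaked: dry.child === child,                // raw object never escapes
  };
}
```

Every value that crosses outward goes through `wrap`, so the policy check applies to objects reached indirectly as well as to the root, and the two weak maps keep wrapper identity stable across repeated crossings.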
Incomplete thoughts follow. Another reason not to add a stack frame every time we cross the boundary... maybe... is that some XPCOM getters/setters/methods are designed to be called by callers of all different privilege levels. These are called allAccess properties--holdover stuff from before we had wrappers. The getter/setter itself examines the stack if it needs to know the caller's principals. So if the wrapper pushed a stack frame, that could be Bad. (I think this might be fixable but can't really say.) This is a reminder that we're still transitioning from stack examination to object-capabilities, not there yet.
We implemented this elsewhere. Closing.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED