Closed
Bug 740529
Opened 13 years ago
Closed 11 years ago
[jsdbg2] Debugger.Object instances should not reveal environments or scripts of non-debuggee functions
Categories: Core :: JavaScript Engine, defect
Status: RESOLVED DUPLICATE of bug 912536
People: Reporter: jimb, Unassigned
Whiteboard: [chrome-debug]
Attachments: 1 file
If a debugger can't reach a global object to add it as a debuggee, it shouldn't be able to reach it, or any code in its scope, via the Debugger API.
The Debugger API allows debuggers to retrieve functions' and frames' scripts and environments via accessors inherited from Debugger.Object.prototype. These are the only ways to obtain scripts and environments. Those accessors should return 'undefined' if the referent is not a debuggee.
The attached test checks Debugger.Object's accessors.
At the moment, we only create Debugger.Frame instances for debuggee frames, so there's no reason for Debugger.Frame accessors to check anything. (The case where we create a frame and then remove the debuggee isn't interesting from a security point of view). However, in the future we plan to have "visible" frames that are not "debuggee" frames, to allow stack traces to include things like calls to primitives and functions in modules that aren't being debugged. (See the debugger docs for details on what "visible" frames are.) Once this is implemented, the Debugger.Frame accessors will need to check debuggee-ness as well.
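The check proposed in the description above, sketched as a runnable toy model. This is an added example, not part of the bug report and not SpiderMonkey's code; `ModelDebugger`, `ModelDebuggerObject` and the sample globals are hypothetical names constructed here.

```javascript
// Toy model of the proposed policy. ModelDebugger and ModelDebuggerObject are
// hypothetical stand-ins written for this example, not SpiderMonkey's classes.
class ModelDebugger {
  constructor() {
    this.debuggees = new Set(); // globals this debugger was able to add
  }
  addDebuggee(global) { this.debuggees.add(global); }
  removeDebuggee(global) { this.debuggees.delete(global); }
  // The debugger may end up holding a wrapper for any function it encounters,
  // whether or not that function's global is a debuggee.
  wrap(referent) { return new ModelDebuggerObject(this, referent); }
}

class ModelDebuggerObject {
  #owner;
  #referent; // private: the debugger never touches the referent directly
  constructor(owner, referent) {
    this.#owner = owner;
    this.#referent = referent;
  }
  // Evaluated on every access, so the result tracks the current debuggee set.
  isDebuggee() { return this.#owner.debuggees.has(this.#referent.global); }
  get script() { return this.isDebuggee() ? this.#referent.script : undefined; }
  get environment() {
    return this.isDebuggee() ? this.#referent.environment : undefined;
  }
}

// Constructed sample data: one global the debugger added, one it did not.
function demo() {
  const debuggeeGlobal = { label: "debuggee" };
  const otherGlobal = { label: "other" };
  const makeFunction = (global) => ({
    global,
    script: { url: `${global.label}.js` },
    environment: { names: ["x"] },
  });
  const dbg = new ModelDebugger();
  dbg.addDebuggee(debuggeeGlobal);
  const own = dbg.wrap(makeFunction(debuggeeGlobal));
  const foreign = dbg.wrap(makeFunction(otherGlobal));
  const result = {
    ownScriptUrl: own.script.url,
    foreignScript: foreign.script,
    foreignEnvironment: foreign.environment,
  };
  dbg.removeDebuggee(debuggeeGlobal);
  result.ownScriptAfterRemoval = own.script;
  return result;
}
```

In this model the wrapper for the non-debuggee function still exists, but its `script` and `environment` accessors yield `undefined`.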
Updated • 13 years ago (Reporter)
Whiteboard: [chrome-debug]
Comment 1 • 13 years ago (Reporter)
At present, Debugger.Object instances don't happen to reveal non-debuggee environments/scripts if their global is in a different compartment, because of a different bug (or, at least I think it's a bug): if a Debugger.Object's referent is a cross-compartment wrapper for a function, .script and .environment return undefined regardless of whether it's a debuggee function.
Updated • 11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE