Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Daemon: Guests able to evaluate, makeBundle, storeValue, and storeBlob #2289

Open
kriskowal opened this issue May 15, 2024 · 0 comments
Open

Daemon: Guests able to evaluate, makeBundle, storeValue, and storeBlob #2289

kriskowal opened this issue May 15, 2024 · 0 comments
Labels
daemon Issues pertaining the the pet dæmon 🐈‍⬛ enhancement New feature or request

Comments

@kriskowal
Copy link
Member

kriskowal commented May 15, 2024
edited by rekmarks

What is the Problem Being Solved?

Currently, host agents have the privilege of using evaluate, makeBundle, storeValue, and storeBlob, all of which are safe to extend to guest agents.

Description of the Design

Move these implementations to mail.js (which is clearly supposed to be named agent.js in MMXXIV) and expose them to both guest.js and host.js. We may need to take care to ensure that the guest can only use a worker named by the guest (not NEW). The solution to that problem may simply to remove the NEW complication entirely.

Security Considerations

Make sure guests don’t implicitly get a capability to spawn an arbitrary number of workers.

Scaling Considerations

Make sure guests don’t implicitly get a capability to spawn an arbitrary number of workers.

Test Plan

Do so.

Compatibility Considerations

Break them.

Upgrade Considerations

Not yet.
@kriskowal kriskowal added the enhancement New feature or request label May 15, 2024
@kriskowal kriskowal assigned kriskowal and unassigned kriskowal May 15, 2024
@rekmarks rekmarks added the daemon Issues pertaining the the pet dæmon 🐈‍⬛ label May 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
daemon Issues pertaining the the pet dæmon 🐈‍⬛ enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kriskowal @rekmarks