gnu-linux-libre
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] servers which push random code to clients

From: bill-auger
Subject: Re: [GNU-linux-libre] servers which push random code to clients
Date: Thu, 15 Apr 2021 10:26:16 -0400 
On Wed, 14 Apr 2021 19:40:45 -0500 quiliro@riseup.net wrote:
> What do you mean by this statement?  Is it that Javascript does not need
> to be in the browser for some other program to execute it?

yes - in a web browser, javascripts are isolated in a "sandbox",
so that they can not access the OS or file-system - but there is
a trend of native desktop applications using javascript for
other purposes; and it is very tempting to get scripts
dynamically from a remote server, rather than publishing them as
static files in the source code, and those are probably never
visible to the user

then there is the 'node' interpreter, which also has full access
to the system - it is not essentially different from python and
other interpreted languages; but that the javascript culture is
far more inclined to use the internet as a "live" source of
executable code

in practice, each script snippet is probably trivial; but in
theory, that libre-loophole, is wide open and ripe for
exploitation
reply via email to
[Prev in Thread] Current Thread [Next in Thread]