couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <>
Subject Re: Branch to switch from SpiderMonkey to Node.js
Date Thu, 31 Jan 2013 16:34:10 GMT
On Thu, Jan 31, 2013 at 5:27 PM, Jason Smith <> wrote:

> On Thu, Jan 31, 2013 at 3:39 PM, Jan Lehnardt <> wrote:
> >
> > >> Can someone please specifically describe a "sandbox" feature? CouchJS
> > >> passes the test suite. So what does the sandbox do?
> > >>
> > >
> > > did it many time. See my other mail where I tried to summarise it
> again.
> >
> > Can you give me a link? I was rather busy with CouchDB Conf prep in the
> > past weeks.
> >
> I have been collecting them as notes in the v8 ticket, COUCHDB-1643
> Starts here:
> Obviously, I am mostly listing "non-features" which are impossible to test
> for. However I still have some ideas. Like I said, if JavaScript runs and
> there are not *exactly* the correct global variable names (and their types)
> then maybe that should be a failing unit test.
> Also, I am thinking of maybe doing something with library shimming, using
> LD_PRELOAD or something. Or maybe something with dtrace. I would like to
> log all i/o a process does, at the system call level or so. And then run
> the entire CouchDB test suite. Then I can make sure that total i/o bytes
> into and out of javascript === 0.

A javascript engine doesn't expose any IO par default. The **framework**
nodejs is, this is all the point. I'm quite interested by the existing
solutions to sandbox nodejs, do you know some projects that does it?

> Maybe I can't defeat a motivated attacker, however a test like that might
> detect if we inadvertently do something bad. Doesn't couchjs link about
> libcurl. How sure are you that there is no way cURL could possibly ever
> sneak into the public API?
> You can build couchdb without curl support. in other case there was this
old action.js from jchris that were exposing curl. but by default it isn't.

- benoƮt


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message