Hacker News new | comments | show | ask | jobs | submit login
Rootkits for JavaScript Environments [pdf] (usenix.org)
35 points by chorola on Feb 25, 2013 | hide | past | web | favorite | 2 comments

If you manage to get the code to execute on a worker or an iframe, you should have a clean environment to operate in, with your own copy of the native environment and prototypes.

The question is... how do you create an iframe or worker safely? document.createElement and window.Worker can be poisoned too.

Perhaps its possible to verify the functions you're using are native and not created in user-land? that way, at least you could identify the attack and stop execution.

If you knew what JS to expect from the host, you might cache a checksum and compare after load.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact