←back to thread

Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised

(socket.dev)
1208 points jamesberthoty | 1 comments | 16 Sep 25 11:22 UTC | HN request time: 0s | source
Show context
l___l ◴[16 Sep 25 11:48 UTC] No.45260940[source]
Is there a theoretical framework that can prevent this from happening? Proof-carrying code?
replies(8): >>45260951 #>>45260961 #>>45260981 #>>45260989 #>>45261022 #>>45261060 #>>45270399 #>>45274246 #
killerstorm ◴[16 Sep 25 11:56 UTC] No.45261022[source]
Object-capability model / capability-based security.

Do not let code to have access to things it's not supposed to access.

It's actually that simple. If you implemented a function which formats a string, it should not have access to `readFile`, for example.

Retrofitting it into JS isn't possible, though, as language is way too dynamic - self-modifying code, reflection, etc, means there's no isolation between modules.

In a language which is less dynamic it might be as easy as making a white-list for imports.

replies(1): >>45261167 #
pjc50 ◴[16 Sep 25 12:11 UTC] No.45261167[source]
People have tried this, but in practice it's quite hard to do because then you have to start treating individual functions as security boundaries - if you can't readFile, just find a function which does it for you.

The situation gets better in monadic environments (can't readFile without the IO monad, and you cant' call anything which would read it).

replies(2): >>45261455 #>>45273926 #
1. l___l ◴[17 Sep 25 10:14 UTC] No.45273926[source]
Can it be done by restricting the readFile capability between code boundaries instead of restrict it from a specific function? Then it doesn't matter if you know of another function which does it for you.