Closed mixmix closed 5 months ago
Electron 20.x.y has reached end-of-support ...
:ballot_box_with_check: Last working version electron@20.3.8
@mafintosh / @emilbayes I manage the scuttlebutt maintenance fund and would love to contribute funds to this issue being resolved.
Are either of you interested (or can you recommend someone who you'd trust to merge/publish a fix?). I'm interested in version 3 being patched for the moment, but the same fix will be applicable to 4. I imagine this is relevant to Keet too?
Dont think its fixable as electron disabled the api. We just dont use the secure mem atm. If I am wrong and it is fixable, then happy to apply.
@mafintosh I can see these paths forward, have marked this bits which I think you might be able to answer with (:question:).
If any seem of interest to explore, would be up for resourcing that (even if it's a dead end). If (1) is safe and fine, I can take that path instead
sodium_malloc
with Buffer.alloc
noise-protocol
(emile's)hmac-blake2b
(emile's)artefact-store
(mine)ssb-private-group-keys
(mine)This blog describes how to do this: electronjs.org/blog/v8-memory-cage#i-want-to-refactor-a-node-native...
This will copy the data into a newly-allocated memory region that is inside the V8 memory cage. Optionally, N-API can also provide a pointer to the newly-copied data, in case you need to modify or reference it after the fact.
napi_no_external_buffers_allowed
or NODE_API_NO_EXTERNAL_BUFFERS_ALLOWED
(see docs)End of same blog as in (2) says:
Refactoring to use V8's memory allocator is a little more complicated, because it requires modifying the
create_external_resource
function to use memory allocated by V8, instead of usingmalloc
. This may be more or less feasible, depending on whether or not you control the definition ofcreate_external_resource
. The idea is to first create the buffer using V8, e.g. withnapi_create_buffer
, and then initialize the resource into the memory that has been allocated by V8. It is important to retain anapi_ref
to the Buffer object for the lifetime of the resource, otherwise V8 may garbage-collect the Buffer and potentially result in use-after-free errors.
(1) answers my question adequately I think - if Hypercore team is happy with Buffer.alloc
for good enough security, then it's likely good enough for my needs too. There are probably easier ways to attack my projects that trying to access Buffers
Appreciate your time, thanks @mafintosh
Here's the solution I'm using. This is at the start of the main.js
file that electron
runs:
// WARNING - monkey patch
const na = require('sodium-native')
na.sodium_malloc = function sodium_malloc_monkey_patched (n) {
return Buffer.alloc(n)
}
Ah, and you also need
na.sodium_free = function sodium_free_monkey_patched () {}
Trying to upgrade to electron@26 , I started seeing an error which I tracked back to
sodium-native/blob/v3.4.1/binding.c#L95
Some research surfaces this issue https://github.com/electron/electron/issues/35801
TL;DR - the new memory cage in v8 deprecated
napi_create_external_buffer
:+1:The electron issue has people discussing different approaches to navigating this breaking change. I don't know enough of this domain (yet) to be able to take this further.