16:41
<ljharb>
ok to delete next week's meeting, due to plenary?
17:06
<nicolo-ribaudo>
Yes!
19:31
<danielrosenwasser>

Hey folks, pardon my ignorance, but I've been trying to piece together the story of how Shadow Realms, Compartments, and SES/Hardened JavaScript sort of fit together to allow untrusted code to execute (apart from availability concerns). Does this sound right?

  1. Compartments allow you to create a new intermediate "global scope", but where the intrinsics and globalThis are still shared with those of the current Realm (a.k.a. the host?).
  2. To "safely" run arbitrary code inside of a Compartment, one would need to lock down the intrinsics (i.e. the proposed lockdown() in SES).
  3. Because it is impractical to lock down your own Realm, that's where Shadow Realms come in. You create a separate Shadow Realm, lock that down, and run arbitrary code within a Compartment in that Realm.

Is that the right intuition? Is there anything I'm missing?

23:06
<Mathieu Hofman>
In Compartments / Evaluators, the globalThis would not be shared, but the intrinsics would be shared for the Realm. For Evaluators, it may be possible to have different evaluators share the same global object, including the realm's original global object, though obviously that would not be useful as an integrity boundary.
23:09
<Mathieu Hofman>
It should be possible to lock down your own realm.
23:11
<Mathieu Hofman>
ShadowRealm and Compartments are mostly orthogonal. The problem that ShadowRealm solves is that some code expects a non-locked-down environment (compatibility), and it's impossible to virtualize another environment on some hosts (aka browsers) where the main realm's global object has powerful non-configurable properties.
23:11
<Mathieu Hofman>
I'll let Kris Kowal correct any misrepresentation I may have made