
It doesn't matter if the host remains untouched, when its behaviour depends on outputs from WASM functions.

So you can get upgraded security credentials, while the host remains 100% safe, as a possible attack scenario.

Security is only as effective as the weakest link.



WA's goal posts are "protect the host from the program, not the program from itself"; the program is assumed to be malicious in this context. If you want to turn around and eval the output of a potentially malicious program in the context of the host, that's on you. You haven't 'broken' the WA memory barrier and blaming WA is an attempt to move the goal posts. WA adds a specific (hitherto unbroken) security layer; intentionally poking a hole in it and prancing about like you've found something is just crying wolf.

Edit to add that I agree that whole-program security is obviously still important when a WA-sandbox is part of the whole program, but WA is not advertised to be a solution to the halting problem; it's still just a tool. Be aware of the capabilities of the tools you use; wishing that your tools are made of magic does not make them more capable than what they were designed for.


Ergo, the same security capabilities of an OS process regarding the host OS.

I am fully aware of WebAssembly capabilities; its advocates should be as well, instead of shouting security left and right.



