trealla
A compact, efficient Prolog interpreter written in plain-old C (Wasm experimental fork). (by guregu)
Java had an extremely advanced and strict sandbox for many years.
It offered of course also the possibility to blacklist everything by default.
The problem with such a granular sandbox is that it's too complex for most use cases.
When you need to whitelist any and every call to the outside world this becomes very tedious.
That's why Java now removes the sandbox…
https://inside.java/2021/04/23/security-and-sandboxing-post-...
Let's see how this works out for WASM.
I guess: Without resorting to using some language(s) with built-in support for capability security, a whitelist-based sandbox approach won't ever work without issues.
First of all you can forget about C/C++. Everything in these languages assumes free access to the system.
Rust does not have any support for capabilities either (yet, and for the years to come at least).
The best current WASM sandbox implementation, which is in Wasmer not WasmTime, is not more than a FS block. (And the memory safety guarantees you get in any VM language, of course).
https://docs.wasmtime.dev/security.html
I don't find any such feature mentioned in the Wasmer docs. It seems completely without any sandbox! (To stress it once more: All VM languages are memory safe. That's not sandboxing. All the "sandboxed by default" claims are misleading, at least).
https://github.com/wasmerio/wasmer/issues/221
That even people here on HN believe in the currently unfulfilled WASM security promises shows only how good the WASM marketing is. This should make you even more skeptical. One should never overpromise on security! Java had to learn this the hard way over many years (as their sandbox has had holes in the past, and was also almost impossible to configure correctly).
I started digging into it, looks promising indeed. I may have to go the service worker route, or perhaps a web worker if possible.
Nothing's exploded so far: https://github.com/DustinBrett/daedalOS/commit/eb958836f1f5e...
Honestly I can't really say (I just ported it to WASM :-)), but here's more or less the start of the query loop: https://github.com/guregu/trealla/blob/main/src/query.c#L173...
I believe it's a bytecode but I know that function pointers are involved at least with the built-in predicates (see predicates.c).