Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Still not having bounds protection is a very big one, and 40 years of CVE history doesn't help.


WebAssembly does have bounds checking, you can't write outside the designated memory block.

On 64-bit systems with virtual address space to spare, you can offload bounds checking to MMU by memory mapping 2 GB+ protection zone both below and above the exposed memory region.

If you then limit all pointers/offsets to 32-bit, there should be no direct way to corrupt anything else. You can't reach anything interesting within 32-bit offsets. Of course one can corrupt WebAssembly instance memory all they want, but it won't matter.

Performance and security win.

Left CPU bugs outside consideration, hopefully those can be addressed in WASM codegen. Not like it's that different from current Javascript JIT cases.


The memory block contains all data together in well, a block, thus you can happily overwrite two neighbouring arrays, unless I am missing something here WebAssembly does not have fat pointers.


Sure, you can corrupt all the data in your instance.

You can't overwrite code or the true call stack, so what's the (security) risk?


Funny question, basically with corrupted data anything goes.

For a very extreme convoluted example, maybe that value given back to the JavaScript layer will trigger a patient death by sending the wrong value to their insulin device monitor.

But yeah, code and true call stack will be perfectly safe.


One day a random bit flip in a web app on a non ECC-protected iPad * controlling a life-critical system will kill a person.

It's just a matter of time.

* Or any other device with data corrupting hardware or software issues.


Yep it is just a matter of time.

Successful lawsuits against insecure software need to become a common event until most companies actually start paying attention to their technology stack and development processes.


Is that a security risk? That could just happen due to a logic bug.


That is the common excuse of C developers.

The goal of software security is to minimize all attack vectors.

Logic bugs < Logic bugs + Memory corruption bugs


Sure but Im not sure how your example is a security bug and not a normal bug? I guess if the web page was also processing untrusted data?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: