Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This isn't about escaping the vm. It is about changing how the program works inside. Wasm also does not have the concept of read only memory which is another massive security hole.


"even if" you can change the program (and like some other comments indicated, I'm fairly certain that's not how linear memory in WASM works), WASM still runs on a "capability model": It has access to only certain file handles, sockets, etc. that are provided declaratively.

I was once a huge detractor and naysayer of WASM, but now I'll readily admit that this is the way security "always should have been done".


> It is about changing how the program works inside

You can do the same in JavaScript, and it can be very useful. What's your point?


No. I think you are conflating the issues here.

In this case we aren't talking about changing some code in a .js file through a RFI attack. We are talking about changing the behavior of how the node.js interpreter would run the .js file because at the end of the day the interpreter itself is what is getting ran by the os.


No, you would be changing how the wasm module operates in its own address space. You aren't changing how the VM runs. As far as I know wasm never made any promise against self-modifying code and I don't even understand the threat model you think exists since everything is isolated.

If you have specific security concerns, you should be showing actual attacks against wasm runtimes or somehow show that the security model of wasm as a whole will always reduce to an insecure configuration. What you have shown is something that is "exploitable" on pretty much every architecture I know of.


Well no it is not. You can't run that on linux which I'd imagine most people who are wanting to do server-side wasm are coming from.

This is another issue:

    #include <stdio.h>
    #include <stdlib.h>

    int main() {
        char *s = "world";

      s[0] = 'o';
      s[1] = 'w';
      s[2] = 'n';
      s[3] = 'e';
      s[4] = 'd';

        printf("Hello, %s\n", s);
    }


...... I really can't tell if you're trolling now or not.


I feel bad for people who spent their time seriously responding to a troll.


I really don't know how to parse this comment but I'll try to be charitable.

How do you propose WASM code is able to change the WASM interpreter behavior?

Could you be misunderstanding WASM's memory model? Are you aware that WASM code can only access explicitly instantiated userspace JS linear memories? Are you aware these memories are just ArrayBuffers in JS userspace?


Well I think it's been pointed out, repeatedly, that wasm needs memory protection.

I'm very far from the only person pointing out a lot of this btw:

https://www.usenix.org/system/files/sec20_slides_lehmann.pdf

https://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-...

https://00f.net/2018/11/25/webassembly-doesnt-make-unsafe-la...


Again, apologies for the bluntness, but the people who have linked those very links as responses to your ranting are pointing out that you are incorrect about a lot of things.


Well those are a lot of links unrelated to my question or anything you've said in this thread.

You're clearly unable to admit you're wrong. Hard to be charitable about that.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: