Comment by rvz
7 hours ago
If you are porting anything from C into WebAssembly, keep in mind that you still inherit C-based vulnerabilities. [0] [1]
[0] https://soft.vub.ac.be/Publications/2022/vub-tr-soft-22-02.p...
Which of these vulnerabilities are most concerning to you in wasm programs?
Also https://00f.net/2018/11/25/webassembly-doesnt-make-unsafe-la...
No worries, it is sandboxed. /s
Why /s? That does massively reduce the exposure
As much as an OS process, on a modern OS that is.
The bounds checking story is only on the external limits of linear memory segments.
If memory gets corrupted inside a linear memory segment, it can equally well be exploited to change execution behaviour, which for many scenarios is already good enough for the attacker.
Yet these kinds of attack vectors usually are dropped from blog posts selling WebAssembly as a revolutionary bytecode.
It is only yet another one, after the various others that came and went since UNCOL became an idea.
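
The point in the comment above, that bounds checks apply only at the outer limits of linear memory, shown as an added example that is not part of the thread. It is a small C model, not a real engine: the `mem` array, `wasm_store`, and the name/role layout are constructed for illustration. An oversized copy stays inside linear memory, so the engine-level check passes and the adjacent field changes; the hardened version checks the object's own size.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 65536u   /* one 64 KiB page of linear memory (model) */
static uint8_t mem[MEM_SIZE];
/* Constructed layout: 16-byte name buffer directly followed by a 4-byte role. */
#define NAME_ADDR 1024u
#define NAME_CAP  16u
#define ROLE_ADDR (NAME_ADDR + NAME_CAP)

/* The engine's only check: is the access inside linear memory?
   Returns 0 on success, -1 where a real engine would trap. */
static int wasm_store(uint32_t addr, const void *src, uint32_t len) {
    if (len > MEM_SIZE || addr > MEM_SIZE - len) return -1;
    memcpy(mem + addr, src, len);
    return 0;
}

/* Ported C that trusts the caller's length: only the engine check applies. */
static int set_name_unchecked(const void *name, uint32_t len) {
    return wasm_store(NAME_ADDR, name, len);
}

/* Hardened form: the program enforces the object's own bound. */
static int set_name_checked(const void *name, uint32_t len) {
    if (len > NAME_CAP) return -1;
    return wasm_store(NAME_ADDR, name, len);
}

/* Copies a constructed 20-byte input and returns the role field afterwards. */
static uint32_t role_after_copy(int checked) {
    uint8_t input[20];
    uint32_t role;
    memset(mem, 0, MEM_SIZE);
    memset(input, 'A', NAME_CAP);      /* fills the name buffer */
    memset(input + NAME_CAP, 1, 4);    /* 4 bytes beyond its capacity */
    if (checked) set_name_checked(input, sizeof input);
    else         set_name_unchecked(input, sizeof input);
    memcpy(&role, mem + ROLE_ADDR, sizeof role);
    return role;
}

int main(void) {
    printf("unchecked copy: role=0x%08x\n", (unsigned)role_after_copy(0));
    printf("checked copy:   role=0x%08x\n", (unsigned)role_after_copy(1));
    printf("store past end of memory: %d\n", wasm_store(MEM_SIZE - 2, "abcd", 4));
    return 0;
}
```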