|
|
|
|
|
|
by kevingadd
3133 days ago
|
|
|
It's a bit extreme but the reality is that a lot of production libraries tend to pull in imports that are as dangerous as eval, because the scope of the library is enormous, or it's actively supposed to interact with the DOM or JS. At that point, if someone can more trivially exploit it with a double free or buffer overflow, you've increased your security risk relative to JS (because overflowing a Uint8Array is basically never going to result in arbitrary function invocation) The way function addresses are sequential in wasm tables (and deterministic) also means it is probably easier to get to the function you want once you get code execution. |
|
|