|
|
|
|
|
|
by sitkack
1772 days ago
|
|
|
> I'm not sure you could hack the control flow when running bytecode on the JVM LLVM IR is C/C++, if you are embedding that into your Graal program w/o the same level of CFI that Wasm has, you can definitely crash your Graal program. We were literally talking about LLVM IR and you switched back to bytecode. JVM bytecode is safe, LLVM IR is not. > WASM won't get you anything beyond a "simple sanbox" ootb. Not true, the core tenet of Wasm is based around CFI. https://webassembly.org/docs/security/ Wasm has capabilities everywhere, it doesn't need an OS to provide this. Graal is so much more than JVM. The way it integrates LLVM IR absolutely matters wrt safety. If you include Wasm into a native code it doesn't reduce any of its security properties. You include LLVM IR into a JVM program and it will reduce your security properties. While LLVM has CFI it doesn't provide the same guarantees that Wasm CFI does. |
|
|