by paulgdp 1655 days ago
How is it different from using Clang's CFI (control flow integrity)?

I thought this was the same technique used in webassembly.

Chromium is using this too, I think.

1 comments

CFI helps with control flow exploits, but it doesn't prevent memory corruption, for example.

This sandboxing technique ensures that both control flow and memory accesses remain in the sandbox (except for when you explicitly allow otherwise).