by phickey 1380 days ago
The security properties are ultimately why we invested in WebAssembly. We (Fastly; the author is my colleague) run very large numbers of WebAssembly modules, all in the same process where the plaintext HTTP requests and responses from very large numbers of our customers reside, without needing to trust the authors of those modules. There are many technologies for running untrusted code out there, and we picked WebAssembly because we can make it fast in all the ways this article details without compromising on security.

Stay tuned, the next article in this series on Wasmtime security will run next Tuesday.

1 comments

> all in the same process where the plaintext HTTP requests and responses from very large numbers of our customers reside

The security of this looks very very fragile. Practically any vulnerability may leave the requests of all customers unprotected.

Compare with the common practice of isolating each customer on its own address space or, better yet, on their own VM, requiring a privilege escalation vulnerability (which is much rarer) to eavesdrop on other processes or VMs running on the same computer.

edit: now, if you're running each wasm module on a separate process, sandboxed with seccomp-bpf, now that's another thing entirely, and might be more secure AND more performant than traditional VMs