by angelmm 1237 days ago
With Wasm + WASI, you need to explicitly mount files and environment variables. Inside the Wasm VM, the Python interpreter, source code and dependencies only have access to a very reduced surface. Although you're right that if you mount credentials inside, they will be accessible too.

The incident I was talking about was the event-stream[1] vulnerability. The attacker introduced code that looked for the data of a crypto wallet. This data was stored in the user's home.

By default, interpreters may get access to the same resources as the user running the process. In Wasm, the resources are granted manually.

[1] https://blog.npmjs.org/post/180565383195/details-about-the-e...


> By default, interpreters may get access to the same resources as the user running the process. In Wasm, the resources are granted manually.

What's the difference from running the code under a different user (like, for example, `nobody` for "full sandboxing", or a "clone of nobody" with some additional access rights)?

Running code under a different user is hard. I don't know how I would do that on macOS, and the times I've done it on Linux I've always had to jump through a bunch of hoops.

macOS aside, as this is not a serious operating system for this kind of workload, do you think the "hoops" (which, actually?) one needs to "jump through" are so problematic that it makes sense to create millions of lines of new code just to work around them? Only to arrive at the same result that has already been working for around 50 years? These must be really grave issues with just running a task as a different user… Could you expand on that?

I want to write software that end users can install on their own machines, that supports plugins so they can execute additional code from untrusted sources.

So macOS needs to work.

Microsoft Flight Simulator uses WebAssembly for its extensions system. I want to do the same thing for my own projects.