|
|
|
|
|
|
by lifthrasiir
1007 days ago
|
|
|
> You can do attacks that most people haven't been able to do for 20+ years. This is a bad and roundabout way to say that vulnerabilities in WebAssembly modules may still cause a corruption in their linear memory. Which is absolutely true, but those attacks still matter today (not everyone turns ASLR on) and similar defences also apply. In the future multiple memories [1] should make it much easier to guard against remaining issues. WebAssembly is a lucrative target only because it is so widespread and relatively young, not because it has horrible security (you don't know how the actually horrible security looks like). [1] https://github.com/WebAssembly/multi-memory/blob/main/propos... |
|
|