by flohofwoe 745 days ago
> "Arguably, memory safety inside the UNIX process heap is the job of the compiler, ...."

In my mind there's nothing controversial about this statement at all.

If memory corruption inside the sandbox allows manipulation of anything outside the sandbox, then the sandbox is broken. It's as simple as that, and it doesn't matter whether it's the WASM heap or a process heap.

1 comments

And if there is no guarantee that the sandbox is in a safe state, whose execution doesn't translate into nasty side effects, like returning true instead of false on a credential check, due to internal memory corruption, then it is equally broken.

It becomes the same approach as attacking OS processes via their public OS IPC end points.

It's turtles all the way down.
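The failure mode the reply describes (the sandbox boundary holds, but a stray write inside the guest heap flips the result of a credential check) can be shown with a tiny model. The following C is an added illustration, not code from either commenter or from any real WASM runtime: the sandbox is a constructed 64-byte array, the host only traps accesses that leave that array, and the guest keeps a name buffer directly in front of an "authenticated" flag. The unchecked copy never crosses the sandbox boundary, yet it corrupts the flag; the checked variant is what a memory-safe compiler or runtime would enforce inside the guest.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of a sandbox's linear memory (hypothetical, not a real
 * WASM runtime): a fixed byte array the host never lets the guest index
 * outside of. Everything in this file is an added illustration. */
#define SANDBOX_MEM_SIZE 64

typedef struct {
    uint8_t mem[SANDBOX_MEM_SIZE];
} sandbox_t;

/* Layout inside the guest heap (constructed): a 16-byte name buffer
 * immediately followed by a one-byte "authenticated" flag. */
#define NAME_OFF 0
#define NAME_LEN 16
#define AUTH_FLAG_OFF (NAME_OFF + NAME_LEN)

/* Host-side boundary check: any access outside linear memory traps.
 * This is the only guarantee the sandbox boundary itself provides. */
static bool in_bounds(size_t off, size_t len) {
    return off < SANDBOX_MEM_SIZE && len <= SANDBOX_MEM_SIZE - off;
}

/* Guest code with no internal bounds check: copies `len` bytes into the
 * name buffer. The host only stops writes that leave the sandbox; a write
 * that stays inside it but overruns NAME_LEN clobbers the flag. */
static bool guest_set_name_unchecked(sandbox_t *sb, const uint8_t *src, size_t len) {
    if (!in_bounds(NAME_OFF, len)) return false;  /* host trap */
    memcpy(&sb->mem[NAME_OFF], src, len);
    return true;
}

/* Same operation with the check a memory-safe compiler/runtime would insert
 * at the guest level, before the host boundary check ever matters. */
static bool guest_set_name_checked(sandbox_t *sb, const uint8_t *src, size_t len) {
    if (len > NAME_LEN) return false;               /* guest-level bounds check */
    if (!in_bounds(NAME_OFF, len)) return false;    /* host trap */
    memcpy(&sb->mem[NAME_OFF], src, len);
    return true;
}

/* The "credential check" from the comment: reads the flag from guest memory. */
static bool guest_is_authenticated(const sandbox_t *sb) {
    return sb->mem[AUTH_FLAG_OFF] != 0;
}

/* Runs the scenario: start unauthenticated, feed a 17-byte input (one byte
 * past the name buffer, still well inside the sandbox), then ask the
 * credential check. Returns what the check reports afterwards. */
static bool scenario(bool use_checked_copy) {
    sandbox_t sb;
    memset(&sb, 0, sizeof sb);                      /* flag = 0: not authenticated */
    uint8_t input[NAME_LEN + 1];
    memset(input, 'A', sizeof input);               /* constructed over-long input */
    if (use_checked_copy)
        guest_set_name_checked(&sb, input, sizeof input);
    else
        guest_set_name_unchecked(&sb, input, sizeof input);
    return guest_is_authenticated(&sb);
}

int main(void) {
    printf("unchecked copy: authenticated=%d\n", scenario(false)); /* 1: flag corrupted */
    printf("checked copy:   authenticated=%d\n", scenario(true));  /* 0: input rejected */
    return 0;
}
```

The host boundary check passes in both runs, which is exactly the point of the thread: keeping the guest from touching memory outside the sandbox says nothing about whether the guest's own decisions are still trustworthy, so the in-guest check (or a compiler that emits it for every access) is part of the security boundary, not an optional nicety.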