Hacker News new | past | comments | ask | show | jobs | submit login

What about fixing the lack of bounds checking when multiple data elements are mapped into the same linear memory block?

This leaves the door open for trying to influence behaviour of C and C++ generated WebAssembly modules, by corrupting their internal state via invalid data.




If you give a sandbox a capability and then there’s a bug in it, there’s always a chance that it will maliciously access those privileged resources. The only way I can see of protecting against logic bugs like these is better tooling.


Yeah, but then one should acknowledge those issues, and not advocate WebAssembly as if there weren't hundreds of other attempts since the late 50's.


They don't mention them because their focus is on other aspects of safety.


Either one is actually serious about security across the whole stack, or not.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: