
This kind of technique could also be applied to the parts of Firefox built with Rust, correct?



It could, but Rust already solves the issues this is aiming to solve, and with fewer steps. I don't know what Mozilla's policy is on adding Rust vs C++ for new features.


I somewhat disagree.

Safe Rust solves the memory safety problem. However, there is still the possibility of a logic bug causing Rust to touch something it shouldn't.

The sandbox approach is about adding a second level for malicious code to bypass. You now not only need to find a way to get past the code, you also need to find a way out of the sandbox.

It's a little like running your apps on a server with highly restricted permissions. You do that so the app compromise limits what is exposed.


Rust is memory safe. It does not need this treatment.


It would still be useful in that case as defense in depth. Specifically it could guard against compiler bugs, use of "unsafe", etc.


And conversely, if a C/C++ component is put into a wasm module, work that's needed to clearly specify the API can be re-used for any possible Rust rewrite in the future.


The wasm compiler can have its own bugs.


That is why you should write it in Rust, obviously. ;)


It's a smaller surface area that has a high amount of scrutiny. Particularly because it is already being exposed to arbitrary code execution.



