Comment by IshKebab

Comment by IshKebab 2 days ago

9 replies

View on Hacker News

> It can hose your memory all it wants, it can just only do so within the confines of the sandbox.

True, although as I understand it the WASI component model at least allows multiple fine-grained sandboxes, so it's somewhere in-between per-object capabilities and one big sandbox for your entire program. I haven't actually used it yet so I might be wrong about that.

> so you'll probably have to wait ten years to get something comparable from WASI

I think for many WASI use cases the capability control would be done by the host program itself, so you don't need OS-level support for it. E.g. with Wasmtime I do

  WasiCtxBuilder::new()
        .allow_tcp(false)
        .allow_udp(false)
        .allow_ip_name_lookup(false)
But yeah a standard WASI program can't itself decide to give up capabilities.
pjmlp 2 days ago

WASI is basically CORBA, and DCOM, PDO for newer generations.

Or if you prefer the bytecode based evolution of them, RMI and .NET Remoting.

I don't see it going that far.

The WebAssembly development experience on the browser mostly still sucks, especially the debugging part, and on the server it is another yet another bytecode.

Finally, there is hardly any benefit over OS processes, talking over JSON-RPC (aka how REST gets mostly used), GraphQL, gRPC, or plain traditional OS IPC.

Reply View 8 replies
  • jart a day ago

    You've named half of the weasel security technologies of the last three decades. The nice thing about SECCOMP BPF is it's so difficult to use that you get the comfort of knowing that only a very enlightened person could have written your security policy. Hell is being subjected to restrictions defined by people with less imagination than you.

    Reply View 0 replies
  • IshKebab 2 days ago

    > hardly any benefit over OS processes, talking over JSON-RPC

    Hardly any benefit except portability and sandboxing, the main reasons WASM exists?

    Reply View 6 replies
    • kllrnohj 2 days ago

      WASM sacrifices guest security & performance in order to provide mediocre host sandboxing, though. It might be a useful tradeoff sometimes, but proper process-based sandboxing is so much stronger and lets the guest also have full security & performance.

      Reply View 3 replies
      • IshKebab 2 days ago

        How is process-based sandboxing stronger? Also the performance penalty is not only due to sandboxing (I doubt it's even mostly due to it). Likely more significant is the portability.

        Reply View 2 replies
    • pjmlp 2 days ago

      WASM is only portable if the only thing it does is heating up CPU, given that everything else depends on the host.

      Reply View 1 reply
      • IshKebab 2 days ago

        No because the host can present the same interface on every platform. I do think that WASI is waaay to much "let's just copy POSIX and screw other platforms", but it does work pretty well even on Windows.

        Reply View 0 replies