Stream: general

Topic: Process Sandboxing


view this post on Zulip Tarek Sander (Apr 18 2024 at 19:17):

In the #wasi-gfx stream we had a discussion about the security of exposing a WebGPU API via WASI and came to the conclusion that implementers will probably want a separate sandboxed GPU process (akin to browsers). Future proposals may also benefit from this. However there isn't any sandbox library for Rust that supports Windows.

I'm willing to work on a cross-platform Rust process sandboxing library that supports Windows as well. Is there interest to make this a BytecodeAlliance project? IMO just one person isn't enough for something critical to security, especially since I'd need to read into the Windows sandboxing topic first (I already read about Linux namespaces and seccomp-bpf, and the isolated service provided by Android). Thankfully there are the browser sandboxes you can learn from, but I still wouldn't trust just my own code for something like this.

view this post on Zulip Ralph (Apr 18 2024 at 20:29):

for windows, see my follow up in that thread.


Last updated: Nov 22 2024 at 16:03 UTC