I'm sure some here have seen this paper or presentation Everything Old is New Again: Binary Security of WebAssembly
.
It shows how memory unsafe languages can be exploited with vulnerabilities that are usually mitigated by OS protections.
I haven't really seen any public responses to this, so I'm curious what the opionions here are.
Should/does it have to be the responsibility of WASM runtimes to implement/enforce protections like stack canaries and ASLR?
Stack canaries can't be implemented by the WASM runtime as it doesn't have any knowledge about the stack LLVM generates. It only knows about the WASM stack which is already completely isolated from arbitrary reads and writes. ASLR also isn't possible as it is the WASM module that defines the location where data is written to and doesn't leave any relocations to allow the WASM runtime to move the data. It also defines the order of entries in the table used for indirect calls, which needs to be dense (first element is at zero and no holes) as far as I know.
most mitigations should be in the toolchain, and some should additionally be in the runtime. stack canaries for example are a toolchain-only concern. read-only memory would involve both
Last updated: Dec 23 2024 at 12:05 UTC