Coulson Liang (May 01 2024 at 19:03): Coulson Liang (May 01 2024 at 19:03):Hi guys, I got a weird but hopefully interesting question. Suppose a WASM module calls a HostFunctionl, and wasmtime or other WASM runtime implements the host function by calling an external program. Can this external program do something hacky (like look at the call stack) and infer the linear memory start address of the caller WASM module?
I know it would be trivial if wasmtime just tell the external module, but from security aspect, my project want to do this in a more trusted place, if that's possible.
Or if it's possible to make all Linear Memory start address 32bit aligned, will this make inference more possible? Thank you!
Chris Fallin (May 01 2024 at 19:04):@Coulson Liang I don't think you need to do any reverse-engineering; the Wasmtime API on the host side lets you see slices of any exported memory, and from that you can get the address in host address space directly
Coulson Liang (May 01 2024 at 19:47):Yes I know that and tried that working. For some security reason, we want to check who is calling and where did the call come from by ourselves, without any information from the runtime, so I'm wondering if there are some hacky way to infer that information.
Chris Fallin (May 01 2024 at 19:52):Not entirely sure what you're asking: the runtime calls a host function, so it has to be trusted (any state you could use to determine the caller ultimately comes from the runtime)
Chris Fallin (May 01 2024 at 19:52):Can you describe the security problem at a higher level? What's the threat model? What's in the TCB, and what's not?
Coulson Liang (May 01 2024 at 22:22):Never mind, I just persuaded my boss to take the runtime as part of TCB, sorry for posting this weird question. Previously on other systems we look at the stack and infer where the call is from, but this doesn't make sense for Wasm at all.
Notification Bot (May 02 2024 at 00:24):Coulson Liang has marked this topic as resolved.
Last updated: Nov 22 2024 at 16:03 UTC