Stream: git-wasmtime

Topic: wasmtime / issue #7051 `fd_fdstat_set_rights` does not er...

view this post on Zulip Wasmtime GitHub notifications bot (Sep 15 2023 at 21:07):

yagehu opened issue #7051:

Test Case

(module
  (type (;0;) (func (param i32 i64 i64) (result i32)))
  (type (;1;) (func))
  (type (;2;) (func (param i32)))
  (import "wasi_snapshot_preview1" "fd_fdstat_set_rights" (func $fd_fdstat_set_rights (type 0)))
  (import "wasi_snapshot_preview1" "proc_exit" (func $proc_exit (type 2)))
  (func $_start (type 1)
    i32.const 0
    i64.const 3
    i64.const 3
    call $fd_fdstat_set_rights
    call $proc_exit
  )
  (memory (;0;) 1)
  (export "memory" (memory 0))
  (export "_start" (func $_start))
)

Steps to Reproduce

Run the above WAT code with Wasmtime and print the error code. For example:

wasmtime a.wat; echo $?

Expected Results

stdin (fd value 0) starts with a fs_rights_base value of 2 (read). The above WAT snippet attempts to add a right to it by setting it to 3 (read + seek).

According the preview1 spec for fd_fdstat_set_rights:

Adjust the rights associated with a file descriptor. This can only be used to remove rights, and returns errno::notcapable if called in a way that would attempt to add rights

So the expected exit status is 76 (notcapable).

Actual Results

The snippet exits with errno 0.

Versions and Environment

Wasmtime version or commit: v12.0.2

Operating system: Mac OSX Ventura 13.5.2

Architecture: amd64

Extra Info

This is not a security vulnerability because, in my limited testing, the right does not actually get updated.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 15 2023 at 21:07):

yagehu added the bug label to Issue #7051.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 18 2023 at 14:49):

alexcrichton commented on issue #7051:

Thanks for the report! The rights system has been removed from Wasmtime however in preparation of the removal of rights in WASI preview 2. That means that the documentation of preview1 is probably a bit out of date since it theoretically should be updated to mention this, but development work is centered around preview2 at this time instead of preview1.

Since this is intended behavior though I'm going to go ahead and close this, but I can reopen if there are other questions.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 18 2023 at 14:49):

alexcrichton closed issue #7051:

Test Case

(module
  (type (;0;) (func (param i32 i64 i64) (result i32)))
  (type (;1;) (func))
  (type (;2;) (func (param i32)))
  (import "wasi_snapshot_preview1" "fd_fdstat_set_rights" (func $fd_fdstat_set_rights (type 0)))
  (import "wasi_snapshot_preview1" "proc_exit" (func $proc_exit (type 2)))
  (func $_start (type 1)
    i32.const 0
    i64.const 3
    i64.const 3
    call $fd_fdstat_set_rights
    call $proc_exit
  )
  (memory (;0;) 1)
  (export "memory" (memory 0))
  (export "_start" (func $_start))
)

Steps to Reproduce

Run the above WAT code with Wasmtime and print the error code. For example:

wasmtime a.wat; echo $?

Expected Results

stdin (fd value 0) starts with a fs_rights_base value of 2 (read). The above WAT snippet attempts to add a right to it by setting it to 3 (read + seek).

According the preview1 spec for fd_fdstat_set_rights:

Adjust the rights associated with a file descriptor. This can only be used to remove rights, and returns errno::notcapable if called in a way that would attempt to add rights

So the expected exit status is 76 (notcapable).

Actual Results

The snippet exits with errno 0.

Versions and Environment

Wasmtime version or commit: v12.0.2

Operating system: Mac OSX Ventura 13.5.2

Architecture: amd64

Extra Info

This is not a security vulnerability because, in my limited testing, the right does not actually get updated.

Last updated: Nov 22 2024 at 16:03 UTC