
WASM doesn't get raw access to host memory, so in practice this does not expose any new security risks. You can already pause Javascript, modify the internal state, and even overwrite existing functions while code is running. This is one of the reasons why you should never `eval` untrusted code.

This kind of thing is a risk for NodeJS, but that's only because NodeJS inexplicably allows host access by default. I believe Dahl is looking to address this in his next project.

> for example a boolean stating that the user is authenticated.

You should never do authentication clientside. Clients are untrustworthy.



Usually memory corruption isn't a JavaScript feature, unless there is a bug in the VM.

> You should never do authentication clientside. Clients are untrustworthy.

Nice way of picking up on my example, that was just an idea for a quick POC.


Well, sure. If there's a bug in the VM, then you have a problem. But your problem in that case is a lot bigger than this specific behavior. You don't need memory corruption to break clientside JS.

I wasn't trying to cherry-pick your example, but I see your example as indicative of the only types of bugs that are exposed by allowing unsafe memory access.

If you're writing a web app today, any unvalidated code you run on the client is a risk. WASM changes nothing about that. The only reason clientside memory access in a sandbox would ever be a security issue is if you were relying on a client not being able to access itself (i.e., for stuff like authentication). And since you should never, ever trust the client anyway... I don't see why anyone should care about that class of issues. Don't run unvalidated code, and don't put any serverside logic with security implications on the client.

If you are going to run unvalidated code, you can put it in a WASM sandbox with its own dedicated chunk of memory. That's actually easier to do in WASM than it is in Javascript, since you don't need to worry about references across iframes anymore.

If you can think of a valid POC that's not already a security risk using current technologies, I'm open to it, but I can't think of one.
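The sandbox boundary the comment above describes, as an added example that is not part of this thread: a WebAssembly module assembled by hand from bytes, whose only memory is the single 64 KiB page it exports. The host JavaScript can read and patch that page at will (which is why a client-side "authenticated" flag living in it proves nothing), while the module itself traps on any access outside the page. The byte layout and the `store`/`load` export names are constructed for this example.

```javascript
// Added example, not code from the thread. Hand-assembled WebAssembly binary:
// one exported memory (1 page, 64 KiB) and two exported functions,
//   store(addr: i32, val: i32)        -> writes val at addr
//   load(addr: i32) -> i32            -> reads the i32 at addr
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d,             // magic "\0asm"
  0x01, 0x00, 0x00, 0x00,             // binary format version 1
  // type section (id 1): type 0 = (i32, i32) -> (), type 1 = (i32) -> (i32)
  0x01, 0x0b, 0x02,
    0x60, 0x02, 0x7f, 0x7f, 0x00,
    0x60, 0x01, 0x7f, 0x01, 0x7f,
  // function section (id 3): func 0 has type 0, func 1 has type 1
  0x03, 0x03, 0x02, 0x00, 0x01,
  // memory section (id 5): one memory, min 1 page, no maximum
  0x05, 0x03, 0x01, 0x00, 0x01,
  // export section (id 7): "memory" (mem 0), "store" (func 0), "load" (func 1)
  0x07, 0x19, 0x03,
    0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x02, 0x00,
    0x05, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
    0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x01,
  // code section (id 10)
  0x0a, 0x13, 0x02,
    // store: local.get 0; local.get 1; i32.store (align 4, offset 0); end
    0x09, 0x00, 0x20, 0x00, 0x20, 0x01, 0x36, 0x02, 0x00, 0x0b,
    // load: local.get 0; i32.load (align 4, offset 0); end
    0x07, 0x00, 0x20, 0x00, 0x28, 0x02, 0x00, 0x0b,
]);

const PAGE_BYTES = 65536;

// Synchronous instantiation is fine for a module this small.
function instantiate() {
  const module = new WebAssembly.Module(WASM_BYTES);
  return new WebAssembly.Instance(module).exports;
}

// The guest writes state into its own linear memory; the host, holding the
// same ArrayBuffer, can observe it and rewrite it. A flag like
// "authenticated" kept here is therefore never evidence of anything.
function hostCanPatchGuestState() {
  const { memory, store, load } = instantiate();
  const view = new Uint32Array(memory.buffer);

  store(0, 0x41);                       // guest writes at byte offset 0
  const hostSawGuestWrite = view[0];    // host reads it back

  const AUTH_FLAG_ADDR = 8;             // constructed: where the guest keeps its flag
  store(AUTH_FLAG_ADDR, 0);             // guest: "not authenticated"
  view[AUTH_FLAG_ADDR / 4] = 1;         // host flips it behind the guest's back
  const guestSawHostWrite = load(AUTH_FLAG_ADDR);

  return { hostSawGuestWrite, guestSawHostWrite };
}

// The guest only ever addresses its own page: an access at or past the end
// of linear memory traps with WebAssembly.RuntimeError instead of touching
// anything that belongs to the host.
function guestCannotEscape() {
  const { store, load } = instantiate();
  let trapped = 0;
  for (const attempt of [() => store(PAGE_BYTES, 1), () => load(PAGE_BYTES - 3)]) {
    try {
      attempt();
    } catch (err) {
      if (err instanceof WebAssembly.RuntimeError) trapped += 1;
    }
  }
  return trapped === 2;
}

console.log(hostCanPatchGuestState(), 'guest confined:', guestCannotEscape());
```

The second check uses two out-of-bounds shapes: a store exactly at the page end, and a 4-byte load that starts inside the page but overruns it. Both trap, which is the whole of the isolation the sandbox gives; the host side of the boundary is, as the thread says, wide open by design.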



