@ddcc
Contributor

@ddcc ddcc commented Jun 30, 2016

This commit introduces a discussion of WebAssembly's security model
for both users and developers, though primarily targeted at the latter.
Resolves #205.

@jfbastien
Member

Awesome, thanks for doing this! I already reviewed the PR pre-submit, so lgtm but I'd like to get input from other folks.

CAndC++.md Outdated
[LLVM's vector extensions]: http://clang.llvm.org/docs/LanguageExtensions.html#vectors-and-extended-vectors
[GCC's vector extensions]: https://gcc.gnu.org/onlinedocs/gcc/Vector-Extensions.html

Note that inline assembly or other platform-specific features are not supported.
Member

This is a little confusing, because WebAssembly C/C++ compilers do support some forms of inline assembly. The mental model is that it is platform-specific, because the platform is WebAssembly itself.

@ddcc
Contributor Author

ddcc commented Jul 1, 2016

Thanks, I've revised the text to address the comments.

@sunfishcode: That paragraph seemed more relevant to security than nondeterminism, so I moved it over and extended it. Although randomization could be an implementation detail, it is something that developers should at least be aware of and ideally be able to control.
@naturaltransformation: Yes, the new version of this should be more clear.

CAndC++.md Outdated

Note that non-WebAssembly inline assembly or platform-specific features
are not supported, such as x86 assembly or MMX/SSE/NEON vectorization
primitives.
Member

This is, ironically, still slightly misleading, since Emscripten provides <xmmintrin.h> and a few others that provide compatibility with x86-specific APIs, implemented via asm.js SIMD constructs (WebAssembly doesn't yet have SIMD, but it is expected to before long).

Contributor Author

Ok, it seems that I should just remove this paragraph.

Security.md Outdated
Each WebAssembly module executes within a sandboxed environment separated from
the host runtime using fault isolation techniques. This implies:
* Applications execute independently (unless
[dynamic linking](DynamicLinking.md) is used), and can't escape the sandbox
Member

Applications execute independently even if dynamic linking is used. It's just that an application consists of more than one module. Probably the reference to dynamic linking isn't necessary here.

Contributor Author

Ok, I'll remove this.

@sunfishcode sunfishcode modified the milestone: Meta Jul 8, 2016
@jfbastien
Member

This seems ready to merge, any further comments can be addressed in follow-ups (and @ddcc intends to have follow-ups to this). Will merge soon unless there are any objections.

@jfbastien jfbastien merged commit 62f3096 into WebAssembly:master Jul 12, 2016