Stream: wg-secure-code

Topic: runtime sandboxing


Stuart Small (Dec 02 2019 at 20:13, on Zulip):

I wanted to keep yall up to date on something I've been working on. Partially inspired by the buidltime sandboxing thread I started playing with a run time sandbox env for HTTP handlers. The main idea is to explicitly allow the framework to build in RASP like functionality without some of the sketchy runtime instrumentation and byte code injection most RASPs out there use. Figure it might be of interest to this group eventually but I've got a lot more work to do on it

Stuart Small (Dec 02 2019 at 20:15, on Zulip):

I'm building it on top of wasm but getting interface types to play well with hostfuncs is requiring a lot of research and education. I think once it makes sense it should be more straightforward.

Tony Arcieri (Dec 02 2019 at 23:21, on Zulip):

nice. are you using wasmtime or what?

Stuart Small (Dec 02 2019 at 23:22, on Zulip):

Yup. Wasmtime. It's really well put together project

Stuart Small (Dec 02 2019 at 23:23, on Zulip):

It looks like it supports everything I need but this project is like diving straight into the deepest end I could find of wasm

Tony Arcieri (Dec 02 2019 at 23:23, on Zulip):

nice, I've been meaning to play with it

Stuart Small (Dec 02 2019 at 23:24, on Zulip):

They are extremely helpful on gitter and sunfishcode has a lot of great general wasm documentation

Stuart Small (Dec 02 2019 at 23:24, on Zulip):

It's better than the spec itself

Tony Arcieri (Dec 02 2019 at 23:24, on Zulip):

haha

Last update: Dec 12 2019 at 00:45UTC