Ancestors

Written by Laurence Tratt on 2025-01-28 at 11:34

New post: "Can We Retain the Benefits of Transitive Dependencies Without Undermining Security?" https://tratt.net/laurie/blog/2024/can_we_retain_the_benefits_of_transitive_dependencies_without_undermining_security.html

=> View attached media

=> More informations about this toot | More toots from ltratt@mastodon.social

Toot

Written by Janne Moren on 2025-01-28 at 12:21

@ltratt

I would say this needs hardware support; some kind of privilege barrier operating across regular procedure calls between components. The callee can only see its own stack frame, and heap memory allocated by itself or explicitly passed to it.

=> More informations about this toot | More toots from jannem@fosstodon.org

Descendants

Written by Laurence Tratt on 2025-01-28 at 12:23

@jannem I broadly agree.

=> More informations about this toot | More toots from ltratt@mastodon.social

Written by Tom Ritter on 2025-01-29 at 12:07

@ltratt @jannem that's broadly how wasmboxing works in Firefox to isolate some third party libraries, but without explicit hardware support https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/

=> More informations about this toot | More toots from tomrittervg@infosec.exchange

Proxy Information

Original URL: gemini://mastogem.picasoft.net/thread/113905952628820372
Status Code: Success (20)
Meta: text/gemini
Capsule Response Time: 258.097701 milliseconds
Gemini-to-HTML Time: 0.595465 milliseconds

This content has been proxied by September (3851b).