wasm-micro-runtime

some features are inherently insecure

Open yamt opened this issue 4 months ago • 6 comments

some of our features are inherently insecure.

for example,

  • WAMR_CONFIGURABLE_BOUNDS_CHECKS
  • wasi-nn load-by-name with the current design (https://github.com/bytecodealliance/wasm-micro-runtime/issues/4331)

at least they should be marked as insecure boldly to prevent users from using them casually.

yamt, Sep 05 '25 01:09

let's remove from iwasm?

#if WASM_CONFIGURABLE_BOUNDS_CHECKS != 0
    printf("  --disable-bounds-checks  Disable bounds checks for memory accesses\n");
#endif

lum1n0us, Sep 05 '25 01:09

let's remove from iwasm?

#if WASM_CONFIGURABLE_BOUNDS_CHECKS != 0
    printf("  --disable-bounds-checks  Disable bounds checks for memory accesses\n");
#endif

i tend to object as it would make testing even more difficult.

yamt, Sep 05 '25 01:09

keep the flag but remove the CLI option. Let recompilation be the only way?

lum1n0us, Sep 05 '25 01:09

keep the flag but remove the CLI option. Let recompilation be the only way?

i understand your suggestion. but i don't agree because iwasm is a (well, the only) convenient way to test it.

yamt, Sep 05 '25 02:09

my suggestion:

#if WASM_ENABLE_INSECURE_FEATURES == 0
#if WASM_CONFIGURABLE_BOUNDS_CHECKS != 0
#error WASM_CONFIGURABLE_BOUNDS_CHECKS is insecure.
#endif
#endif

yamt, Sep 05 '25 02:09

Love the idea of WASM_ENABLE_INSECURE_FEATURES.

lum1n0us, Sep 05 '25 02:09
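
The WASM_ENABLE_INSECURE_FEATURES gate suggested in the thread, extended here to a second feature and to a startup warning so an opted-in binary still announces what it was built with. This is an added example, not WAMR code or part of any comment above; EXAMPLE_WASI_NN_LOAD_BY_NAME, report_insecure_features and the default values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Defaults for this stand-alone example; a real build would pass -D flags. */
#ifndef WASM_ENABLE_INSECURE_FEATURES
#define WASM_ENABLE_INSECURE_FEATURES 1 /* explicit opt-in (assumed default) */
#endif
#ifndef WASM_CONFIGURABLE_BOUNDS_CHECKS
#define WASM_CONFIGURABLE_BOUNDS_CHECKS 1
#endif
#ifndef EXAMPLE_WASI_NN_LOAD_BY_NAME /* hypothetical macro name */
#define EXAMPLE_WASI_NN_LOAD_BY_NAME 0
#endif

/* Compile-time gate: an insecure feature without the opt-in stops the build. */
#if WASM_ENABLE_INSECURE_FEATURES == 0
#if WASM_CONFIGURABLE_BOUNDS_CHECKS != 0
#error WASM_CONFIGURABLE_BOUNDS_CHECKS is insecure.
#endif
#if EXAMPLE_WASI_NN_LOAD_BY_NAME != 0
#error EXAMPLE_WASI_NN_LOAD_BY_NAME is insecure.
#endif
#endif

struct insecure_feature { const char *name; int enabled; };
static const struct insecure_feature insecure_features[] = {
    { "WASM_CONFIGURABLE_BOUNDS_CHECKS", WASM_CONFIGURABLE_BOUNDS_CHECKS != 0 },
    { "EXAMPLE_WASI_NN_LOAD_BY_NAME", EXAMPLE_WASI_NN_LOAD_BY_NAME != 0 },
};

/* Count the insecure features compiled in. If out is non-NULL, also print
   one warning line per feature so the binary can announce them at startup. */
size_t report_insecure_features(FILE *out)
{
    size_t i, n = 0;
    for (i = 0; i < sizeof(insecure_features) / sizeof(insecure_features[0]); i++) {
        if (!insecure_features[i].enabled)
            continue;
        n++;
        if (out)
            fprintf(out, "WARNING: built with insecure feature %s\n",
                    insecure_features[i].name);
    }
    return n;
}

int main(void) { report_insecure_features(stderr); return 0; }
```

Compiling with `-DWASM_ENABLE_INSECURE_FEATURES=0` and the defaults above fails at the `#error` line, which is the behaviour the suggestion asks for.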