mirror of
https://github.com/bytecodealliance/wasm-micro-runtime.git
synced 2026-04-18 18:18:44 +00:00
Update doc/security_need_to_know.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
parent
efe44030f1
commit
3f1e29a115
|
|
@ -14,9 +14,9 @@ It is commonly stated that a security issue is an issue that:
|
||||||
|
|
||||||
Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that the execution of Wasm modules is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
|
Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that the execution of Wasm modules is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
|
||||||
|
|
||||||
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cash crashes may be considered as bugs but are not classified as security issues.
|
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cause crashes of the runtime may be considered as bugs but are not classified as security issues.
|
||||||
|
|
||||||
If the AoT compiler and/or related tools emit an AoT binary that causes a breach of the Wasm sandbox or a crash is considered a potential security issue. It is assumed that the correct configuration and options are used when generating AoT binaries. Misconfiguration or misuse of the tooling options, therefore, are not considered to be security issues.
|
If the AoT compiler and/or related tools emit an AoT binary that breaches the Wasm sandbox or causes the runtime to crash, this indicates a potential security issue in the AoT toolchain. It is assumed that the correct configuration and options are used when generating AoT binaries. Misconfiguration or misuse of the tooling options, therefore, is not considered to be a security issue.
|
||||||
|
|
||||||
### Is this bug considered a security vulnerability?
|
### Is this bug considered a security vulnerability?
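Review bot: In the reworded AoT-toolchain paragraph, "this indicates a potential security issue in the AoT toolchain" is softer than the classification language used in the paragraph before it ("is considered to be a potential security issue"), so a reader triaging a report cannot tell whether both cases are classified the same way. Since this document defines what counts as a security issue, I would keep the verb consistent, for example "this is considered a potential security issue in the AoT toolchain". The grammar fixes themselves ("cash crashes" to "cause crashes of the runtime", "are" to "is") look right. Two smaller points: the crash wording now differs between the two changed paragraphs ("cause crashes of the runtime" versus "causes the runtime to crash"), and the unchanged context line above still ends with the fragment "Unless it is explicitly disabled beforehand.", which could be joined to the preceding sentence in the same pass. The commit message only names the file; a one-line summary of the change (typo and grammar fixes in the AoT trust paragraphs) would make the history easier to read.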