Comments (4)
I think this would be useful and got here because I was thinking about whether I could build a distributed make
like tool on top of lunatic, which would definitely need the ability to spawn OS processes. I think if you're allowing spawning OS processes, you're allowing code to run outside the lunatic runtime, therefore you need security enforced outside the runtime. Lunatic could try to add best effort sanitizing, but in the end I think you need a container/VM outside Lunatic to control what other OS processes that are outside Lunatic's model can do. "Stuff run outside the runtime needs security from outside the runtime" seems fair. You could have a trusted lunatic process that spawns a limited set of OS processes based on messages from other lunatic processes, but that trusted lunatic process in the end still needs some API to call.
It shouldn't be an on-by-default capability and the docs should warn users and encourage them to compile their utilities to WASM and run them inside lunatic instead if possible, but that's not always practical (closed source binaries, maintainers not interested in WASM support, reliance on APIs that don't exist in WASI yet, better native performance, etc).
from lunatic.
from lunatic.
I personally think having both a whitelist and blacklist of input filtering, with the blacklist taking precedence in case of collisions, would go a long way towards having an initial security implementation for this.
Hopefully others will comment here as well.
from lunatic.
I am a newbie to Lunatic, WebAssembly and Rust, so please bare with my queries.
I am looking into the issue and see if i can implement it.
- What is the configuration option required?
- A simple boolean flag to allow or disallow any commands to be executed?
- A list of commands that are allowed?
Do we need the users to specify the whole path and/or md5 hash? In case we need md5 hash, do check the hash before executing the command?
We are not going to check/validate the arguments? (for eg if the user gives rm -rf, we do allow it!) - A list of commands that are not allowed?
so any command not in this blacklist is allowed.
- Wasi folder restrictions
Looking at this https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-tutorial.md link i got the impression that we need to explicitly specify the folders to which there is read access.
So let's give it capabilities to access files in the requisite directories:
$ wasmtime --dir=. --dir=/tmp demo.wasm test.txt /tmp/somewhere.txt
$ cat /tmp/somewhere.txt
hello world
Do we need to consider this when we allow which all commands can be executed and whether the restriction is applicable to those commands?
- command which runs infinitely
What if the command is expecting a user input or it is running infinitely? Do we need a (configurable?) timer which will "kill" the command if it doesn't complete within that time?
@bkolobara gave me some guidance (async, streaming etc) in the discord channel. I will have better clarity (and hopefully better queries) once i complete reading of those links.
from lunatic.
Related Issues (20)
- Security Model and Considerations
- Support tinygo ? HOT 1
- curious, when hot reload will be avail? HOT 1
- Add host function to check if process is alive
- Port of permission flags from deno HOT 2
- udp and tcp peer addr missing from wat HOT 2
- RUSTSEC-2020-0071: Potential segfault in the time crate HOT 1
- Improve error message when wasm module is not found
- Environment variables are not properly shared between processes HOT 1
- invalid memory reference (signal: 11) when using the new atomic registry API
- RUSTSEC-2020-0168: mach is unmaintained HOT 1
- RUSTSEC-2021-0145: Potential unaligned read HOT 2
- Serverless support HOT 2
- Compatibility with WASMEX
- Is it possible to run RustPython => Wasm on a top of Lunatic.Solutoins?
- RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building
- F# to Rust HOT 3
- Guide for compiler-developers HOT 1
- Feedback for “Introduction” HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lunatic.