alt Hacker NewsHow do you prevent compression bomb attacks when files can define their own compression functions?
You could have some kind of OOM killer, but that will be a "footgun" that people who are actually doing "big data" will constantly shoot.
This pretty much kills any ingestion pipeline where the source is untrusted.
Replies
johncolanduoni • yesterday at 6:18 PM
OOM killing in WebAssembly is trivial, since it’s all in a growable linear memory. All the runtimes I’m aware of have a simple maximum memory setting, and they’ll trap any allocation requests after that point.
➕ show 3 replies
kibwen • yesterday at 6:35 PM
Denial-of-service is bad, but it's not in the same ballpark, the same sport, the same planet, or the same universe of bad as RCE.
It seems like the WASM is simply a fallback if no other decoder is available. If the data source is untrusted, simply don’t run the WASM decoders.
“Some code is untrusted” does not mean code should never be executed. There are more use cases with trusted sources than untrusted.