this post was submitted on 07 Dec 2021
15 points (100.0% liked)

Firefox


A place to discuss the news and latest developments on the open-source browser Firefox

[–] [email protected] 5 points 3 years ago (1 children)

This is a really powerful tool and I hope we see this used more. Traditional process-based sandboxing is very efficient inside the process, but IPC is very expensive. This approach flips the tradeoffs exactly backwards, as the sandboxed code is slower, but IPC is nearly free. This means that it can cover exactly the space that was too expensive to sandbox before. The two approaches are perfect complements for each other. I now imagine that the vast majority of code can be put into one of these two groups, leaving very little code that is unable to be sandboxed for performance reasons.

[–] [email protected] 1 points 3 years ago

I was thinking this implementation looks very similar to eBPF, where the injected code is translated to safe and native instructions, which improves security and performance. I wonder if they got some inspiration from the verifier+JIT approach in the Linux kernel. This is very, very good and cool imo.