Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wouldn't you already have access to the full WASM memory object by the time you can write an exploit that affects a WASM module?


No, the exploit would be in the comment text. You're exploiting a bug in the comment display code when it displays your comment to another user to do something that the comment display code isn't supposed to do.

Much like exploiting a C program that handles untrusted text and doesn't bounds check it. You aren't supposed to be able to run any code at all, but a vulnerability lets you make the program do something it isn't supposed to.

Some of the easiest exploits would be prevented since you probably can't overwrite code like you can (or used to be able to, a lot of platforms have added protection against this) in C, but some exploits are still possible just by overwriting other variables with values that the program doesn't expect.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: