Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation regarding security issues and the status of Wasm proposals #3972

Open
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

lum1n0us
Copy link
Collaborator

No description provided.

doc/security_need_to_know.md Outdated Show resolved Hide resolved
doc/security_need_to_know.md Outdated Show resolved Hide resolved
doc/security_need_to_know.md Outdated Show resolved Hide resolved
doc/stability_wasm_proposals.md Outdated Show resolved Hide resolved
| Extended Constant Expressions | Yes | N/A |
| Typed Function References | Yes | `WAMR_BUILD_GC` |
| Thread | Yes | `WAMR_BUILD_SHARED_MEMORY` |
| Exception handling[^2] | Yes | `WAMR_BUILD_EXCE_HANDLING` |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is misleading because what we have is not the phase 4 version.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I will move this one to unimplemented Wasm proposals

@@ -0,0 +1,28 @@
# About security issues

This document aims to explain the process of identifying a security issue and the steps for managing a security issue.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the expected audiences and purposes of this document are not obvious to me.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The document is intended to:

  • Clarify to the community and TSC which types of issues will be recognized as security issues.
  • Provide a step-by-step guide on how to handle a security issue once it has been identified.
  • Ensure maintainers distinguish security issues from all reported community issues and address them with caution.
  • Encourage accurate reporting of security issues, rather than categorizing them as normal issues.

| Legacy Exception handling[^2] | Yes | `WAMR_BUILD_EXCE_HANDLING` |
| WebAssembly C and C++ API | No | N/A |

[^1]: jit and aot only
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to classify fast-jit and LLVM-jit?


Before reporting an issue, particularly one related to crashing, consult [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability), _Report a security vulnerability_ if it qualifies.

Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability .
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability .
Upon receiving an issue, thoroughly review [the cheat sheet](https://github.com/bytecodealliance/rfcs/blob/main/accepted/what-is-considered-a-security-bug.md#cheat-sheet-is-this-bug-considered-a-security-vulnerability) to assess and _Report a security vulnerability_ if the issue is indeed a security vulnerability.

- Enables users to perform actions they should not be able to.
- Allows users to deny actions they have performed.

Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that Wasm modules' execution is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it can be rephrased as "What remains for us is to ensure that the execution of Wasm modules is secure."

| Bulk memory operations | Yes | `WAMR_BUILD_BULK_MEMORY` |
| Fixed-width SIMD[^1] | Yes | `WAMR_BUILD_SIMD` |
| Extended Constant Expressions | Yes | N/A |
| Typed Function References | Yes | `WAMR_BUILD_GC` |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe type function references should be in off-by-default? Since it needs to enable GC first

| Tail call | Yes | `WAMR_BUILD_TAIL_CALL` |
| Garbage collection | Yes | `WAMR_BUILD_GC` |
| Multiple memories[^3] | Yes | `WAMR_BUILD_MULTI_MEMORY` |
| Memory64 | Yes | `WAMR_BUILD_MEMORY64` |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

WAMR also have WAMR_BUILD_STRINGREF for Reference-Typed Strings, although it's only phase 1

Copy link
Collaborator

@TianlongLiang TianlongLiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM


## On-by-default Wasm Proposals

| Proposal | Phase 4 | Compilation Option |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Marking some proposals as Phase 4 is not verly accurate, in fact, Bulk memory operations, Fixed-width SIMD, Multi-value, Non-trapping float-to-int conversions and Sign-extension operators are finished proposals, and Extended Constant Expressions is in Phase 5, and some are in Phase 4. How about changing this column to Phase and setting its value to Finished, Phase 5, Phase 4 or others?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I intended to convey pass phase 4, but evidently, was not clear. Would >= Phase 4 be more accurate?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants