Security model #221

Closed
tjpalmer opened this issue Feb 27, 2019 · 12 comments
@tjpalmer

Hello. I was wondering if you intend to support sandboxing and some kind of security model. If it's in the readme or other documentation, I apologize for missing it.

@lachlansneff
Contributor

Thanks for asking!

By design, webassembly is sandboxed by default. Aside from that, any sandboxing is really on the interface that's imported into your webassembly modules.

Our current emscripten implementation is not sandboxed whatsoever, but a strict security model is on our roadmap for future wasm abi implementations.

@tjpalmer
Author

Sounds good. Since your home page shows starting a web server, I presumed that meant you had built in certain capabilities already. So I figured it was worth asking. Glad to hear it's in the plans. Maybe this or else more precise issues are worth keeping open until you have plans implemented and/or documented.

@syrusakbary syrusakbary added the ❓ question I've a question! label Mar 1, 2019
@al6x

al6x commented Mar 29, 2019

> By design, webassembly is sandboxed by default

Is it possible to set CPU cycle limit and Memory limit?

@Hywan
Contributor

Hywan commented Mar 29, 2019

It is possible to limit the memory size, yes. But it's not possible to limit the CPU frequency. I think it falls to the OS to slow down the Wasmer runtime process. I don't know yet how to do that though.

@al6x

al6x commented Mar 29, 2019

Thank you! Is it possible to limit the execution time (roughly, with precision like +-100milliseconds for example)?

As for the memory limit - can you please point me to docs or info how to specify it?

@bjfish
Contributor

bjfish commented Mar 29, 2019

@alexeyPetrushin It’s on our roadmap to provide metering of memory/cpu instructions and preemption based on those values and possibly timeouts.

bors bot added a commit that referenced this issue Sep 2, 2019
742: Bump structopt from 0.2.18 to 0.3.0 r=syrusakbary a=dependabot-preview[bot]

Bumps [structopt](https://github.com/TeXitoi/structopt) from 0.2.18 to 0.3.0.
<details>
<summary>Changelog</summary>

*Sourced from [structopt's changelog](https://github.com/TeXitoi/structopt/blob/master/CHANGELOG.md).*

> # v0.3.0 (2019-08-30)
> 
> ## Breaking changes
> 
> ### Bump minimum rustc version to 1.36 by [@&#8203;TeXitoi](https://github.com/TeXitoi)
> Now `rustc` 1.36 is the minimum compiler version supported by `structopt`,
> it likely won't work with older compilers.
> 
> ### Remove "nightly" feature
> Once upon a time this feature had been used to enable some of improvements
> in `proc-macro2` crate that were available only on nightly. Nowadays this feature doesn't
> mean anything so it's now removed.
> 
> ### Support optional vectors of arguments for distinguishing between `-o 1 2`, `-o` and no option provided at all by [@&#8203;sphynx](https://github.com/sphynx) ([#180](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/188)).
> 
> ```rust
> #[derive(StructOpt)]
> struct Opt {
>   #[structopt(long)]
>   fruit: Option<Vec<String>>,
> }
> 
> fn main() {
>   assert_eq!(Opt::from_args(&["test"]), None);
>   assert_eq!(Opt::from_args(&["test", "--fruit"]), Some(vec![]));
>   assert_eq!(Opt::from_args(&["test", "--fruit=apple orange"]), Some(vec!["apple", "orange"]));
> }
> ```
> 
> If you need to fall back to the old behavior you can use a type alias:
> ```rust
> type Something = Vec<String>;
> 
> #[derive(StructOpt)]
> struct Opt {
>   #[structopt(long)]
>   fruit: Option<Vec<String>>,
> }
> ```
> 
> ### Change default case from 'Verbatim' into 'Kebab' by [@&#8203;0ndorio](https://github.com/0ndorio) ([#202](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/202)).
> `structopt` 0.3 uses field renaming to deduce a name for long options and subcommands.
> 
> ```rust
> #[derive(StructOpt)]
> struct Opt {
>   #[structopt(long)]
>   http_addr: String, // will be renamed to `--http-addr`
> 
>   #[structopt(subcommand)]
></tr></table> ... (truncated)
</details>
<details>
<summary>Commits</summary>

- [`673dbcc`](TeXitoi/structopt@673dbcc) Bump minimum rustc version to 1.36
- [`b57dde1`](TeXitoi/structopt@b57dde1) Update dependencies ([#227](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/227))
- [`8830771`](TeXitoi/structopt@8830771) Update documentation and changelog ([#236](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/236))
- [`6bd1a69`](TeXitoi/structopt@6bd1a69) Update keyvalue example ([#234](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/234))
- [`73db781`](TeXitoi/structopt@73db781) Update raw_bool_literal.rs ([#231](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/231))
- [`2363815`](TeXitoi/structopt@2363815) Update changelog
- [`dc5ec7a`](TeXitoi/structopt@dc5ec7a) Emit error about `raw` removal
- [`a91109c`](TeXitoi/structopt@a91109c) Change behavior of `about/author/version` and ad `no_version`
- [`5dfa606`](TeXitoi/structopt@5dfa606) Now error messages highlight the error location ([#225](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/225))
- [`94946c3`](TeXitoi/structopt@94946c3) Add documentation for `env` ([#221](https://github-redirect.dependabot.com/TeXitoi/structopt/issues/221))
- Additional commits viewable in [compare view](TeXitoi/structopt@v0.2.18...v0.3.0)
</details>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
@webmaster128
Contributor

webmaster128 commented Apr 6, 2020

> It is possible to limit the memory size, yes.

How would you do that? I don't see an interface for that in wasmer_runtime::Module::instantiate.

In my tests, some Wasm was able to allocate 2x2 GB before hitting some kind of default limit.

@coolreader18
Contributor

I'm looking into adding an execution timeout middleware, what do you think the best way to go about it would be? My current plan would be to just implicitly depend on a wasi clock_time_get import and compare that value with some preset one, but are there any other ways to monitor time in wasm/wasmer without depending on imports?

@jcaesar
Contributor

jcaesar commented Jul 13, 2021

  • Instead of limiting execution time, wasmer can limit the number of instructions executed: metering.rs.
  • 2×2GB is probably simply the limit addressable in 32 bit wasm? A lower limit can be set through tunables.

@Hywan
Contributor

Hywan commented Jul 13, 2021

@al6x, @webmaster128:

> As for the memory limit - can you please point me to docs or info how to specify it?

https://github.com/wasmerio/wasmer/blob/ec36089cbf4a65b768501ba38f3d63baad6badf3/examples/tunables_limit_memory.rs
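
The memory cap discussed in this thread, as an added example that is neither Wasmer's code nor the linked `tunables_limit_memory.rs`: a host-side pre-check that reads a module's declared memory limits from the binary and applies a page cap before instantiation. `memory_limits`, `enforce`, `sample_module`, the cap value and the sample bytes are constructed for illustration, and only locally defined memories (section 5) are inspected, not imported ones.

```rust
// Added example: pre-check a module's declared linear-memory limits against a host cap.
// Names, cap and sample bytes are constructed; this is not Wasmer's tunables code.
const PAGE_BYTES: u64 = 65_536; // one WebAssembly page

#[derive(Debug, PartialEq)]
pub struct MemLimits { pub min_pages: u32, pub max_pages: Option<u32> }

// Decode an unsigned LEB128 u32, rejecting truncated or over-long encodings.
fn leb_u32(b: &[u8], pos: &mut usize) -> Result<u32, String> {
    let (mut value, mut shift) = (0u32, 0u32);
    loop {
        let byte = *b.get(*pos).ok_or("truncated LEB128")?;
        *pos += 1;
        if shift > 28 || (shift == 28 && byte & 0x70 != 0) {
            return Err("LEB128 does not fit in u32".into());
        }
        value |= u32::from(byte & 0x7f) << shift;
        if byte & 0x80 == 0 { return Ok(value); }
        shift += 7;
    }
}

// Walk the sections and return the limits of the first memory in section 5, if any.
pub fn memory_limits(wasm: &[u8]) -> Result<Option<MemLimits>, String> {
    if !wasm.starts_with(b"\0asm\x01\0\0\0") { return Err("not a wasm v1 binary".into()); }
    let mut pos = 8;
    while pos < wasm.len() {
        let id = wasm[pos];
        pos += 1;
        let size = leb_u32(wasm, &mut pos)? as usize;
        let end = pos.checked_add(size).filter(|e| *e <= wasm.len())
            .ok_or("section overruns file")?;
        if id == 5 {
            let sec = &wasm[..end]; // reads may not cross the section boundary
            if leb_u32(sec, &mut pos)? == 0 { return Ok(None); }
            let flag = *sec.get(pos).ok_or("truncated limits")?;
            pos += 1;
            let min_pages = leb_u32(sec, &mut pos)?;
            let max_pages = match flag {
                0 => None,
                1 => Some(leb_u32(sec, &mut pos)?),
                _ => return Err("unsupported limits flag".into()),
            };
            return Ok(Some(MemLimits { min_pages, max_pages }));
        }
        pos = end; // skip sections we do not inspect
    }
    Ok(None)
}

// Policy (an assumption): reject declarations above the cap, fill a missing maximum.
pub fn enforce(declared: &MemLimits, cap_pages: u32) -> Result<MemLimits, String> {
    if declared.min_pages > cap_pages {
        return Err(format!("minimum {} pages exceeds cap {}", declared.min_pages, cap_pages));
    }
    match declared.max_pages {
        Some(max) if max > cap_pages => Err(format!("maximum {} pages exceeds cap {}", max, cap_pages)),
        Some(max) => Ok(MemLimits { min_pages: declared.min_pages, max_pages: Some(max) }),
        None => Ok(MemLimits { min_pages: declared.min_pages, max_pages: Some(cap_pages) }),
    }
}

// Constructed module: header, one custom section, one memory with min = 1 page.
// `max_leb` is the LEB128 encoding of the declared maximum, if the module has one.
pub fn sample_module(max_leb: Option<&[u8]>) -> Vec<u8> {
    let mut m = b"\0asm\x01\0\0\0".to_vec();
    m.extend_from_slice(&[0x00, 0x03, 0x02, b'h', b'i']); // custom section, skipped
    let mut body = vec![0x01, max_leb.is_some() as u8, 0x01]; // count, flag, min
    body.extend_from_slice(max_leb.unwrap_or(&[]));
    m.extend_from_slice(&[0x05, body.len() as u8]);
    m.extend(body);
    m
}

fn main() {
    let cap = 256; // 256 pages = 16 MiB, a constructed host policy
    for max in [None, Some(&[0x80u8, 0x80, 0x04][..])] {
        let declared = memory_limits(&sample_module(max)).unwrap().unwrap();
        println!("{:?} -> {:?} (cap {} bytes)", declared, enforce(&declared, cap), u64::from(cap) * PAGE_BYTES);
    }
}
```
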

@Hywan
Contributor

Hywan commented Jul 13, 2021

@coolreader18 I think it's a good idea to start with something simple, even based on the host clock. I'll let you open an issue or a PR to track your progression and the discussion :-).

@Hywan Hywan self-assigned this Jul 13, 2021
@Hywan Hywan closed this as completed Jul 13, 2021
@syrusakbary
Member

syrusakbary commented Nov 24, 2022

Quick clarification: Wasmer VM is fully sandboxed by default. Wasmer is also fully sandboxed when used with WASI.
