On 22/06/02 07:51AM, Theo de Raadt wrote:
> My take on this is that WASM is quite simply just new attack surface.
>
...
> I promise you, major security issues will occur. It won't necessarily be
> in the wasm "executed language", but it will be in the capabilities exported
> by the browser code to create the environment, and it is going to suck.
Thanks for your insights on this. I agree WASM can be a major attack
surface and should remain disabled by default. But would it be
acceptable to document this flag with strong wording to discourage
users from enabling it for longer than absolutely needed?
The current document-in-CVS-log state seems suboptimal to me.
>
> WASM is not required on the open internet. Not required Today. Hopefully never.
I think we unfortunately now already live in such a world: both
BigBlueButton and Jitsi make use of WASM, and BigBlueButton won't let
me join a meeting without having WASM enabled. I think they are by far
the most open online meeting software out there.
>
> We want software which has the maximum powerful behaviours, but there is a
> friction because we really should insist it is done with the least amount of
> increased complexity. And the tradeoff with wasm seems quite poor.
>