This is a strategy, but it typically falls apart against clever attackers who ar... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

UncleMeat on Nov 18, 2021 | parent | context | favorite | on: Backdooring Rust crates for fun and profit

This is a strategy, but it typically falls apart against clever attackers who are targeting you specifically. Hackers have been performing return-to-libc attacks forever where they don't actually get to write any code at all, just sequence code that already exists in your binary.

Java also tried this in a slightly more rigorous manner with the SecurityManager and that just ended up being a botch.

Ajedi32 on Nov 18, 2021 [–]

Yeah that's why I said it really depends on the host language to make such sandboxing feasible. If you're using a language that lets code write arbitrary data to arbitrary memory locations, implementing a secure sandbox is going to be pretty tricky.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact