WASI API: Capabilities and Filesystems
The blog post delves into WASI's filesystem API design, focusing on handles, sandboxing, and avoiding absolute paths for security. It discusses ambient authority, access control, typed APIs, and future authority evolution. It emphasizes enhancing compatibility with existing tools.
The blog post discusses the design of the filesystem API in WebAssembly System Interface (WASI) and the incorporation of capabilities into filesystem APIs. It highlights the use of handles for filesystem API functions, enforcing sandboxing to prevent security vulnerabilities, and the avoidance of absolute paths for security and portability reasons. The post also explores the concept of ambient authority, granularity in access control, and the potential evolution of link-time authority to runtime authority in the future. It suggests the use of typed APIs for finer-grained access control and discusses the implications of using filesystem paths instead of handles. The post concludes by emphasizing the need to re-evaluate the design of the WASI filesystem to enhance familiarity and compatibility with existing tools and libraries.
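The handle-relative lookup summarized above can be sketched as follows. This is an added example, not code from the blog post or from any WASI runtime; `DirHandle`, `SandboxError` and the sample paths are hypothetical names and constructed values.

```rust
use std::ffi::OsStr;
use std::path::{Component, Path, PathBuf};

/// Hypothetical stand-in for a directory handle granted to a sandboxed module.
pub struct DirHandle {
    root: PathBuf, // host directory the handle refers to (constructed sample value)
}

#[derive(Debug, PartialEq)]
pub enum SandboxError {
    AbsolutePath,
    EscapesHandle,
}

impl DirHandle {
    pub fn new(root: &str) -> Self {
        DirHandle { root: PathBuf::from(root) }
    }

    /// Resolve `rel` lexically against this handle; there is no global root to fall back on.
    pub fn resolve(&self, rel: &str) -> Result<PathBuf, SandboxError> {
        let mut stack: Vec<&OsStr> = Vec::new();
        for comp in Path::new(rel).components() {
            match comp {
                // An absolute path names "/" without holding a handle to it: ambient authority.
                Component::RootDir | Component::Prefix(_) => {
                    return Err(SandboxError::AbsolutePath)
                }
                Component::CurDir => {}
                // ".." may only undo a component that was reached through this handle.
                Component::ParentDir => {
                    if stack.pop().is_none() {
                        return Err(SandboxError::EscapesHandle);
                    }
                }
                Component::Normal(name) => stack.push(name),
            }
        }
        let mut out = self.root.clone();
        out.extend(stack);
        Ok(out)
    }
}

fn main() {
    let dir = DirHandle::new("/srv/app/data"); // constructed sample path
    for p in ["logs/today.txt", "a/../b.txt", "../secrets", "/etc/passwd", "a/../../x"] {
        println!("{:<16} -> {:?}", p, dir.resolve(p));
    }
}
```

The check here is purely lexical, so it does not account for symlinks inside the granted directory. A real sandbox has to enforce the same rule while walking the path component by component through the handle.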
Related
SquirrelFS: Using the Rust compiler to check file-system crash consistency
The paper introduces SquirrelFS, a crash-safe file system using Rust's typestate pattern for compile-time operation order enforcement. Synchronous Soft Updates ensure crash safety by maintaining metadata update order. SquirrelFS offers correctness guarantees without separate proofs, quickly verifying crash consistency during compilation. Comparative evaluations show SquirrelFS performs similarly or better than NOVA and WineFS.
How to Design an ISA
The article explores designing Instruction Set Architectures (ISAs), focusing on RISC-V's rise. David Chisnall highlights ISA's role as a bridge between compilers and microarchitecture, emphasizing the challenges and importance of a well-designed ISA for optimal performance in various computing environments.
MIME, RSS, and Existential Torment
Xe Iaso recounts fixing their RSS feed problem caused by MIME types. The solution involved updating MIME configurations, showcasing technical insights and the importance of understanding web development intricacies.
Below MI – IBM I for Hackers
IBM i system offers full control over hardware and software, utilizing Machine Interface for abstract development and memory safety. It operates on POWER CPU with 64-bit big-endian architecture, featuring unique security levels and Single-Level Storage for memory management. Control flow is managed through register conventions and stack operations. The system lacks memory safety, allowing out-of-bounds memory access. Security levels range from no security to C2 level, with Security Level 40 recommended. The writeup delves into memory management, control flow, and security mechanisms for evaluating memory safety and exploitation.
Dynamic Translation of Smalltalk to WebAssembly
The article explores Smalltalk code translation to WebAssembly (WASM) within the Catalyst project. It details levels of Smalltalk, JavaScript, and WASM, focusing on direct Smalltalk to WASM optimization. A new translator, WATCompiledMethodTranslator, aids in this process, exemplified by a Smalltalk expression conversion. Creation of a WASM module for Smalltalk methods is explained, highlighting performance advantages and potential future comparisons with dynamic JS translations. Collaboration in the Smalltalk community is encouraged for further advancement.