undefined | Better HN

0 pointsbartwe8y ago0 comments

Multi threading brings in all kinds of security issues

0 comments

But without multithreading, you can use 1/4th or 1/8th of the computation power available on your average consumer device.

What kind of issues are you thinking about? Multithreading is not easy but your typical race conditions and multi threaded problems aren't really opening doors to any new security exploits.

Browsers and WASM have quite decent sandboxing to mitigate security issues. There's WebWorkers already which brings a limited form of threads to the browser.

I'm not seeing a problem with multiple threads in a browser.

marcosdumay8y ago

What kinds of security issues? I really can't think of any besides some issues with too many threads spawned (that can be trivially blocked).

oconnor6638y ago

Could be a new source of undefined behavior and memory exploits, if threaded code is allowed to access collections that allocate memory without taking all the locks they should?

marcosdumay8y ago

Inside the VM, yes. But not a security threat for the host.

The VM should be sandboxing the pages from each other, so those are potential security threats against targets on the same pages only. Not something to be too concerned about.

1 more reply

singularity20018y ago

even in the very sandboxed context of WebAssembly?

j / k navigate · click thread line to collapse

0 comments

exDM698y ago

But without multithreading, you can use 1/4th or 1/8th of the computation power available on your average consumer device.

What kind of issues are you thinking about? Multithreading is not easy but your typical race conditions and multi threaded problems aren't really opening doors to any new security exploits.

Browsers and WASM have quite decent sandboxing to mitigate security issues. There's WebWorkers already which brings a limited form of threads to the browser.

I'm not seeing a problem with multiple threads in a browser.

marcosdumay8y ago

What kinds of security issues? I really can't think of any besides some issues with too many threads spawned (that can be trivially blocked).

oconnor6638y ago

Could be a new source of undefined behavior and memory exploits, if threaded code is allowed to access collections that allocate memory without taking all the locks they should?

marcosdumay8y ago

Inside the VM, yes. But not a security threat for the host.

The VM should be sandboxing the pages from each other, so those are potential security threats against targets on the same pages only. Not something to be too concerned about.

1 more reply

singularity20018y ago

even in the very sandboxed context of WebAssembly?

j / k navigate · click thread line to collapse