Skip to content

doc(security,aot): added security guidance around AoT binaries #4867

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
srberard wants to merge 1 commit into
base: main
Choose a base branch
from
+14 −3
Open

doc(security,aot): added security guidance around AoT binaries #4867

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 14 additions & 3 deletions doc/security_need_to_know.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ This document aims to explain the process of identifying a security issue and th
## identifying a security issue

It is commonly stated that a security issue is an issue that:

- Exposes sensitive information to unauthorized parties.
- Allows unauthorized modification of data or system state.
- Affects the availability of the system or its services.
Expand All @@ -15,13 +14,25 @@ It is commonly stated that a security issue is an issue that:

Given that WASI is a set of Capability-based APIs, all unauthorized actions are not supposed to happen. Most of the above security concerns can be alleviated. What remains for us is to ensure that the execution of Wasm modules is secure. In other words, do not compromise the sandbox. Unless it is explicitly disabled beforehand.

WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cash crashes may be considered as bugs but are not classified as security issues.
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo/wording issue: "cash crashes" reads like a typo and changes the meaning. Please correct (e.g., "cause crashes"/"crash") and consider removing the extra double-spaces/trailing spaces in this paragraph for readability.

Suggested change
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cash crashes may be considered as bugs but are not classified as security issues.
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cause crashes may be considered as bugs but are not classified as security issues.

Copilot uses AI. Check for mistakes.

If the AoT compiler and/or related tools emit an AoT binary that causes a breach of the Wasm sandbox or a crash is considered a potential security issue. It is assumed that the correct configuration and options are used when generating AoT binaries. Misconfiguration or misuse of the tooling options, therefore, are not considered to be security issues.
Comment on lines +17 to +19
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence is grammatically incorrect/ambiguous ("emit ... that causes ... or a crash is considered"). Please rephrase so it's clear that an AoT toolchain producing a sandbox breach/crash is treated as a potential security issue (and keep subject/verb agreement consistent throughout).

Suggested change
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cash crashes may be considered as bugs but are not classified as security issues.
If the AoT compiler and/or related tools emit an AoT binary that causes a breach of the Wasm sandbox or a crash is considered a potential security issue. It is assumed that the correct configuration and options are used when generating AoT binaries. Misconfiguration or misuse of the tooling options, therefore, are not considered to be security issues.
WebAssembly binaries are considered untrusted. A Wasm binary that causes a breach of the Wasm sandbox or a crash of the runtime is considered to be a potential security issue. On the other hand, Ahead-of-Time (AoT) binaries are assumed to be generated by a trusted source and using the supported toolchain. Therefore, AoT binaries are considered trusted. As such, malformed or manipulated AoT binaries that breach the sandbox or cause crashes of the runtime may be considered as bugs but are not classified as security issues.
If the AoT compiler and/or related tools emit an AoT binary that breaches the Wasm sandbox or causes the runtime to crash, this indicates a potential security issue in the AoT toolchain. It is assumed that the correct configuration and options are used when generating AoT binaries. Misconfiguration or misuse of the tooling options, therefore, is not considered to be a security issue.

Copilot uses AI. Check for mistakes.

### Is this bug considered a security vulnerability?

#### For someone who finds a problem

if a bug **results in crash or hang**, please treat it as a security problem and report it to a security advisor. The maintainer will look into it and change its category if needed. It is better safe than sorry.

If the author of an issue(results in crash or hang) can go through the following checklist and answer all questions with "No", it is fine to mark it as a regular bug. If not, please report it as a security issue.
If the author of an issue(results in crash or hang) can go through the checklist below and answer all questions with "No", it is fine to mark it as a regular bug. If not, please report it as a security issue.
Copy link
Contributor

@lum1n0us lum1n0us Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original idea here is to use an easily recognizable characteristic to let the author finish a quick initial triage. Maybe a better description would be:

  • If an issue is a hang or crash, report it as a security issue.
  • If an issue doesn't end up with a hang or crash, but allows any of the following questions to be answered as YES, report it as a security issue.

But is this too strict?


Does the
Copy link
Contributor

@lum1n0us lum1n0us Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we can provide a list with WASM/WAMR-specific questions, such as escaping the sandbox, exposing unauthorized WASI APIs, and so on.

- Exposes sensitive information to unauthorized parties.
- Allows unauthorized modification of data or system state.
- Affects the availability of the system or its services.
- Permits unauthorized access to the system.
- Enables users to perform actions they should not be able to.
- Allows users to deny actions they have performed.
Comment on lines +29 to +35
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The checklist prompt is incomplete ("Does the"), and the bullets read like standalone statements ("Exposes", "Allows", etc.). Please rewrite this as a complete question (e.g., "Does the issue:" / "Does the bug:") and make the bullets grammatically consistent so readers can answer "Yes/No" unambiguously.

Suggested change
Does the
- Exposes sensitive information to unauthorized parties.
- Allows unauthorized modification of data or system state.
- Affects the availability of the system or its services.
- Permits unauthorized access to the system.
- Enables users to perform actions they should not be able to.
- Allows users to deny actions they have performed.
Does the issue:
- expose sensitive information to unauthorized parties?
- allow unauthorized modification of data or system state?
- affect the availability of the system or its services?
- permit unauthorized access to the system?
- enable users to perform actions they should not be able to?
- allow users to deny actions they have performed?

Copilot uses AI. Check for mistakes.

---

Expand All @@ -35,7 +46,7 @@ Actions that differ from Wasm rules (like calculating wrong values) are not seen

By default, native APIs and CLIs are following the principle of **caller guarantee**. If the caller provides incorrect parameters or users input malformed options, it is not a security issue. For example, if a user passes an invalid file descriptor to `fd_read`, it is not a security issue.

.wasm are not trusted. Malformed .wasm files should be handled gracefully. If a .wasm file causes a runtime crash or hang, it is a security issue. On the other hand, it's expected that aot runtime alone doesn't provide the same guarantee. So user-crafted .aot can cause anything, including crashes or hangs. They are not considered security issues.
WebAssembly binaries are not trusted. Malformed .wasm files should be handled gracefully. If a .wasm file causes a runtime crash or hang, it is a security issue. On the other hand, it's expected that aot runtime alone doesn't provide the same guarantee. So user-crafted .aot can cause anything, including crashes or hangs. They are not considered security issues.
Copy link

Copilot AI Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This paragraph now conflicts with the earlier guidance that AoT binaries are considered trusted when produced by a trusted source/toolchain. It currently says "user-crafted .aot can cause anything"; please align terminology and threat model across both sections (trusted AoT vs untrusted/hand-crafted AoT) to avoid contradictory guidance.

Copilot uses AI. Check for mistakes.

A denial-of-service (DoS) attack is a cyberattack that aims to make a computer or network resource unavailable to its users. If the service (runtime in this case) can recover and start another module or run another function within the same instance, it is not considered unavailable, and thus not a Denial of Service (DoS).

Expand Down