undefined | Better HN

0 pointssmoll8y ago0 comments

So, more like https://aws.amazon.com/lambda/edge/ ?

0 comments

That is correct. However, the design is very different. Lambda@Edge is, from what I can tell, based on running a full Node.js process in a process-level sandbox for each customer, whereas we are embedding V8 directly.

tolmasky8y ago

What are you embedding v8 into exactly? What happens if I figure out a buffer overflow in v8? What do I break out into? Is it solely process isolation? Is it in a container? A VM?

kentonv8y ago

> What are you embedding v8 into exactly?

C++ code.

Yeah, I know...

> What happens if I figure out a buffer overflow in v8?

You report it to Google for $15,000. ;)

More seriously, though, this is something we've spent a huge amount of effort worrying about. There are many layers of sandboxing and mitigation, including an incredibly tight seccomp filter, namespaces, cgroups, ASLR, architectural changes to keep sensitive secrets away from risky processes, etc. But we still worry and will continue to add more safeguards.

j / k navigate · click thread line to collapse

0 comments

kentonv8y ago

tolmasky8y ago

What are you embedding v8 into exactly? What happens if I figure out a buffer overflow in v8? What do I break out into? Is it solely process isolation? Is it in a container? A VM?

kentonv8y ago

> What are you embedding v8 into exactly?

C++ code.

Yeah, I know...

> What happens if I figure out a buffer overflow in v8?

You report it to Google for $15,000. ;)

j / k navigate · click thread line to collapse