WASM Program Bypasses node:wasi Filesystem Sandbox
2024-12-15
This project demonstrates a proof-of-concept showcasing how a WASM program can bypass the preopens directory restriction in node:wasi to access files outside the sandbox. Normally, WASM programs are limited to accessing pre-opened directories. However, by cleverly using symbolic links to replace files at a precise moment and running an external process, this limitation can be circumvented. This is not a practical security vulnerability in node:wasi, but rather a potential edge case. The project highlights that one shouldn't rely on node:wasi to completely prevent malicious code from accessing external files.
Development