Hacker News new | past | comments | ask | show | jobs | submit login

Breaking out of the sandbox easily. Check the OS, do syscalls to read and write to the filesystem, install a reverse shell and CC.



This doesn't make sense. A C compiler that has been compiled to javascript is still just a regular javascript program. It's not given special access to anything.


The JS based C compiler has no access outside the browser sandbox, but it is capable of generating actual executables which could potentially break out of the walled garden. That is why Microsoft ActiveX was deprecated as a security hazard and why their original proprietary browser was known as Internet Exploder.


Why go through the trouble of generating a blob of executable code at runtime rather than just including it in the JS source? The security guarantees are the same.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: