The trusted base for Crochet is too big! #24
Labels:
error: Something is confusing, misbehaving, or harmful.
s:1 moderate: This is bad. We should deal with this as soon as possible.
Currently all of the packages in the standard distribution are part of the trusted base. Packages in the trusted base get more powerful FFI access, construction and projection capabilities over intrinsic types, and are able to load native code without requiring a native capability.
This makes the surface of dangerous attacks in Crochet too large. Bugs in an otherwise innocuous package, such as `crochet.text.regex`, could allow malicious code to get access to all of this power, effectively subverting most of the runtime safety mechanisms in Crochet.
This won't be addressed for the first experimental release, as it requires a significant amount of work around safe native code support, but it's important that people are aware of this issue.