-
|
What are the thoughts on how endojs would handle untrusted code that might abuse the virtual machine host by either calculating pi to the nth digit thus blocking the cpu, or constantly allocate buffers and consume all the memory of the host? Would wasm running inside endojs have the same problem, could it constantly allocate memory inside the wasm sandox, or calculate pi blocking the javascript calling it indefinitely? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
For the moment, the idea is that each guest will by default get its own worker and must ask the user for more workers. So the guest can use In this early incarnation of the Pet Daemon, workers are Node.js processes and we do not impose heap constraints. We could conceivably recruit the OS to cap this, and of course in the worst case, the OOM killer comes for us all. In a later incarnation, we may put workers in XS |
Beta Was this translation helpful? Give feedback.
For the moment, the idea is that each guest will by default get its own worker and must ask the user for more workers. So the guest can use
for (;;);to foul its own environment. The user can also choose to place multiple tenants in a single worker, allowing them to interfere with each other’s availability. The daemon monitors event loop health. The user can terminate unhealthy workers.In this early incarnation of the Pet Daemon, workers are Node.js processes and we do not impose heap constraints. We could conceivably recruit the OS to cap this, and of course in the worst case, the OOM killer comes for us all.
In a later incarnation, we may put workers in XS
xsnapchild processes the way…