Is it safe to use metering to run untrusted guest code?

[kvinwang]

Hi, there.
I want to use wasmer-middlewares::metering to limit the gas that guest code can use. I found that the metering achieves this feature by injecting a global variable wasmer_metering_remaining_points to track the gas. So, I wonder if it is possible that guest code bypasses the limit by modifying the value of wasmer_metering_remaining_points?
However, I dumped the entire instance memory and couldn't find the value of wasmer_metering_remaining_points inside it. Isn't the wasmer_metering_remaining_points stored in the instance memory?

[jcaesar]

It shouldn't be possible for the guest to bypass the metering restrictions:

Isn't the wasmer_metering_remaining_points stored in the instance memory?

It is not. WASM linear memory is separated from the locals on the call stack and the globals. (Besides security, this also helps optimization.)

I found that the metering achieves this feature by injecting a global variable wasmer_metering_remaining_points to track the gas.

To be overly accurate: It inserts a new global. This global doesn't have a name, only an index, and it's always a new global that the module doesn't otherwise have access to. (Shouldn't, at least. I haven't tried what happens if you try to access a global index once past the number of existing globals. I'd expect the module to be rejected at validation. Might be worth checking.)
The global is exported by the name wasmer_metering_remaining_points, which means that the host can access it to read and modify it.

[kvinwang]

Thanks for the explanation.

I haven't tried what happens if you try to access a global index once past the number of existing globals. I'd expect the module to be rejected at validation. Might be worth checking.

Just tested. It would be rejected.