Is ValueDeserializer secure?


Kenton Varda
Jun 29, 2023, 10:28:44 AM
to v8-dev
Hi v8-dev,

We (Cloudflare Workers team) are wondering how V8 feels about the security of the ValueDeserializer API. Do you believe it's safe to parse possibly-malicious input with this? My understanding is that Chrome does not provide any way to input attacker-controlled bytes to the API today, so I wasn't sure if it's designed for that.

I ask because we'd like to expose V8 serialization in Cloudflare Workers for compatibility with Node.js, which already exposes this. But our threat model is very different from Node, such that we care a lot more about the security of the V8 sandbox.

Relatedly, is ValueDeserializer covered by fuzzing today?

Thanks,
-Kenton

James Snell
Jun 29, 2023, 10:39:43 AM
to v8-dev
Oh, and to be clear, our intent here is to implement the same API that Node.js currently exposes.

```
import { serialize, deserialize } from 'node:v8';

// One-shot form: header and value in a single Buffer, then back again.
const data = serialize({ a: 'foo' });
const value = deserialize(data);
```

```
import { Serializer, Deserializer } from 'node:v8';

// Streaming form: the caller writes the wire-format header explicitly.
const ser = new Serializer();
ser.writeHeader();
ser.writeValue({ a: 'foo' });

// The reader must consume the header before reading the value.
const des = new Deserializer(ser.releaseBuffer());
des.readHeader();
console.log(des.readValue());
```

Marja Hölttä
Jun 29, 2023, 1:17:43 PM
to v8-...@googlegroups.com
I'd say it's "best effort secure".

In some use cases (levelDB), ValueSerializer reads data stored on disk, and those bytes could be corrupted. Our intention is that no matter what the data is, ValueSerializer should not crash (it should fail gracefully). If this is not the case, please file bugs. (However, this invariant has turned out to be invalid several times. We've fixed all bugs we're aware of, but there might be some more lurking here.)

We also have fuzzers which exercise it via the d8 serializer API, roughly like this:

```
data = d8.serializer.serialize(some_object);
data[some_index] = something else;
d8.serializer.deserialize(data);
```

However, ValueSerializer is not fuzzed and tested as thoroughly as the general JavaScript execution parts of V8, so I wouldn't regard it as equally secure. Use at your own risk.



--
--
v8-dev mailing list
v8-...@googlegroups.com
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to v8-dev+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/v8-dev/d468377d-1f45-40eb-ba75-06d519fbe609n%40googlegroups.com.




James Snell
Jun 29, 2023, 1:23:48 PM
to v8-dev
I've implemented some fuzzing also for ValueDeserializer and so far have only found a couple of minor issues (e.g. for some randomized inputs it seems it is possible for `ValueDeserializer::ReadValue()` to return an empty `MaybeLocal` without throwing, and sometimes when it does throw `tryCatch.Exception()` is empty, which we treat as equivalent to `!tryCatch.CanContinue()`). Beyond that, so far, our fuzzing hasn't found anything else with `ValueDeserializer`.

I'm far less concerned about `ValueSerializer`, to be honest. 

Marja Hölttä
Jun 29, 2023, 1:32:21 PM
to v8-...@googlegroups.com
Clarification: I was using ValueSerializer to mean the whole component consisting of ValueSerializer & ValueDeserializer, so, both sides. Though, ValueDeserializer is of course more fragile because the input is raw bytes.


Ben Noordhuis
Jun 29, 2023, 3:05:41 PM
to v8-...@googlegroups.com
Single data point but I got paid $15k last year for https://bugs.chromium.org/p/chromium/issues/detail?id=1339648 so on the one hand, it's great it's covered by the VRP program, on the other hand I wasn't even actively looking and still stumbled upon a fairly critical bug. Probably a risky bet in a multi-tenant system like Workers.

(I realize "VRP program" is like saying "ATM machine" but I still do it.)

Leszek Swirski
Jun 30, 2023, 5:33:41 AM
to v8-...@googlegroups.com, sa...@chromium.org
+sa...@chromium.org, do we have good fuzzing for ValueDeserializer? If not, should we expand it?


Samuel Groß
Jun 30, 2023, 6:25:58 AM
to Leszek Swirski, v8-...@googlegroups.com, sa...@chromium.org
We added this fuzzer some time last year: https://github.com/googleprojectzero/fuzzilli/blob/700f669a1d38b787968229f7d7ab2a4d0a7bf2b7/Sources/FuzzilliCli/Profiles/V8Profile.swift#L278 and it found another handful of issues fairly quickly, but nothing ever since. I don't think there is too much room for improvement there.
ValueSerializer is an attack surface in Chrome as it potentially allows for a site isolation bypass if a compromised renderer process can compromise other renderer processes by sending malicious ValueSerializer data.

Cheers!
Samuel

Marja Hölttä
Jul 4, 2023, 9:29:36 AM
to v8-...@googlegroups.com, Leszek Swirski, sa...@chromium.org
Additional data point:

saelo@ just pointed out we also had security bugs where the payload was well formed but caused V8 to get confused while receiving it, e.g., https://bugs.chromium.org/p/chromium/issues/detail?id=1412487 (now public).

----

Does all this answer your Value(De)Serializer questions or is there more information you'd like to have on this topic?




Kenton Varda
Jul 4, 2023, 11:39:40 AM
to v8-...@googlegroups.com
Hi Marja,

Yes, this has been very helpful. Thanks!

My takeaway is that a year or two ago, exposing ValueDeserializer to attacker-controlled bytes would indeed have been unwise, but these days it seems like it's getting similar scrutiny to the rest of V8.

-Kenton
