V8 Sandbox will be enabled by default in 10.8

Samuel Groß

Sep 23, 2022, 5:16:34 AM9/23/22
to v8-u...@googlegroups.com
Hi!

With this change we are enabling the V8 Sandbox by default when building V8 using gn. The sandbox has already been enabled in Chromium for some time now, and this change (again) makes standalone V8 builds reflect the configuration that is shipping in Chromium.

Some things to note: The sandbox should *not* yet be considered a strong security boundary (more details in an upcoming blog post). Further, the sandbox can only provide security benefits in cases where untrusted JavaScript is being executed by V8 (such as is the case in Chromium). It has no effect when the JavaScript code is considered trusted. Finally, to operate securely, the sandbox also needs cooperation from the Embedder, such as a special ArrayBufferAllocator (see e.g. this allocator for an example) and likely other things in the future. To disable the sandbox, the `v8_enable_sandbox=false` gn flag can be used.

Cheers!
Samuel
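A quick way to confirm what a standalone gn build is actually doing, as an added example that is not part of the announcement or of V8: read a build directory's args.gn and report whether the sandbox is in effect, assuming the 10.8+ default described above (enabled unless `v8_enable_sandbox = false` is set). The args.gn files it reads are constructed inline for demonstration.

```shell
#!/bin/sh
# Added example, not V8 project code: determine the effective V8 sandbox
# setting from a gn build directory's args.gn. Assumes the V8 10.8+ default,
# i.e. the sandbox is enabled unless v8_enable_sandbox is explicitly false.

# Usage: v8_sandbox_effective <path/to/args.gn>
# Prints "enabled" or "disabled"; any other value is reported as an error.
v8_sandbox_effective() {
  file="$1"
  # Drop '#' comments, keep only v8_enable_sandbox assignments, take the last
  # one (a later assignment in the same scope overrides an earlier one), and
  # isolate the right-hand side without surrounding whitespace.
  value=$(sed 's/#.*//' "$file" \
    | grep -E '^[[:space:]]*v8_enable_sandbox[[:space:]]*=' \
    | tail -n 1 \
    | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
  case "$value" in
    "")    echo enabled ;;   # not set at all: the default since 10.8
    true)  echo enabled ;;
    false) echo disabled ;;
    *)     echo "unrecognised v8_enable_sandbox value: $value" >&2; return 1 ;;
  esac
}

# Constructed sample args.gn files (not real build output) so the check can be
# exercised offline. Prints the temp directory holding default.gn,
# disabled.gn and explicit.gn.
make_sample_args() {
  dir=$(mktemp -d)
  cat > "$dir/default.gn" <<'EOF'
is_debug = false
target_cpu = "x64"
EOF
  cat > "$dir/disabled.gn" <<'EOF'
is_debug = false
v8_enable_sandbox = false   # opt out, as described in the announcement
EOF
  printf 'v8_enable_sandbox = true\n' > "$dir/explicit.gn"
  echo "$dir"
}

# Demo: report the effective setting for each constructed file.
demo_dir=$(make_sample_args)
for name in default disabled explicit; do
  printf '%s.gn: sandbox %s\n' "$name" "$(v8_sandbox_effective "$demo_dir/$name.gn")"
done
```

Point it at a real `out/<config>/args.gn` to see whether a given build matches the Chromium configuration the announcement refers to.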