
One thing I've been curious about is: since workerd is not a secure sandbox, what does Cloudflare use internally to make it secure?

AWS uses/maintains Firecracker, which meets the criteria to be considered secure but has a 300ms start. I've been confused how Cloudflare can sandbox things safely without the same cost.



The post links to this: https://blog.cloudflare.com/mitigating-spectre-and-other-sec...

So the answer is, a lot of things:

* V8 isolates
* private processes for debugging/inspection
* "cordoned" V8 runtimes organized by level of trust (guards against V8 zero-days for one)
* Linux namespacing as an outer sandbox layer, blocking fs and network access
* explicitly allowed capability-based security
* ...etc.



