From 714ffd04dadd339d383b9a1fc8af7c7a2a0db35e Mon Sep 17 00:00:00 2001 From: Thomas Lively Date: Wed, 9 Jul 2025 17:50:03 -0700 Subject: [PATCH] Add privacy and security considerations --- .../shared-everything-threads/Overview.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/proposals/shared-everything-threads/Overview.md b/proposals/shared-everything-threads/Overview.md index 6a4aba4..94fce27 100644 --- a/proposals/shared-everything-threads/Overview.md +++ b/proposals/shared-everything-threads/Overview.md @@ -968,3 +968,21 @@ validation constraints on shared functions are intended to be future-compatible continuation references. [stack-switching]: https://github.com/WebAssembly/stack-switching + +### What are the security considerations? + +Shared memory and atomic operations allow for the construction of high-resolution timers that +can make side channel attacks such as [Spectre] more effective. +However, these problems already exist with SharedArrayBuffers and shared WebAssembly memories. +This proposal will use the same mitigations already used for SharedArrayBuffers: +Just like `SharedArrayBuffer`s, shared WebAssembly objects will not be able to be sent to other +threads via `postMessage` except in cross-origin isolated contexts. + +[Spectre]: https://en.wikipedia.org/wiki/Spectre_(security_vulnerability) + +### What are the privacy considerations? + +The same high-resolution timers mentioned above could in principle be used to measure the +performance characteristics of a user's platform to generate fingerprinting data. +As with the security considerations, +there are no new risks that are not already present with SharedArrayBuffers.
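Review bot: In the added "What are the privacy considerations?" section, the claim that "there are no new risks that are not already present with SharedArrayBuffers" is left without a stated mitigation. The security section names one (no `postMessage` of shared objects to other threads outside cross-origin isolated contexts), but the privacy text only points back with "As with the security considerations". Consider saying outright that the same cross-origin isolation gating is what limits the fingerprinting timer, so each section can be read on its own. In the security section, `postMessage` is the only channel mentioned. If the proposal gives a shared object any other way to reach another thread, the text should say whether that path is gated as well. A short reference for "cross-origin isolated contexts" would also help, in the same way [Spectre] is linked. Style: the hunk writes `SharedArrayBuffer`s once in code formatting and "SharedArrayBuffers" three times in plain text; pick one form. The sentence ending "already used for SharedArrayBuffers:" followed by a capitalised "Just like" would read better as two full sentences.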