I'd say it's "best effort secure".

In some use cases (LevelDB), ValueSerializer reads data stored on disk, and
those bytes could be corrupted. Our intention is that no matter what the
data is, ValueSerializer should not crash (it should fail gracefully). If
this is not the case, please file bugs. (However, this invariant has turned
out to be invalid several times. We've fixed all bugs we're aware of, but
there might be some more lurking here.)

We also have fuzzers which exercise it via the d8 serializer API, roughly
like this:
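```
// Serialize, corrupt one byte, then deserialize the corrupted buffer.
const data = new Uint8Array(d8.serializer.serialize(some_object));
data[some_index] = some_other_byte;
d8.serializer.deserialize(data.buffer);
```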

However, ValueSerializer is not fuzzed and tested as thoroughly as the
general JavaScript execution parts of V8, so I wouldn't regard it as equally
secure. Use at your own risk.



On Thu, Jun 29, 2023 at 4:39 PM 'James Snell' via v8-dev <
v8-dev@googlegroups.com> wrote:

> Oh, and to be clear, our intent here is to implement the same API that
> Node.js currently exposes.
>
> ```
> import { serialize, deserialize } from 'node:v8';
>
> const data = serialize({ a: 'foo' });
> const value = deserialize(data);
> ```
>
> ```
> import { Serializer, Deserializer } from 'node:v8';
>
> const ser = new Serializer();
> ser.writeHeader();
> ser.writeValue({ a: 'foo' });
>
> const des = new Deserializer(ser.releaseBuffer());
> des.readHeader();
> console.log(des.readValue());
> ```
>
>
> On Thursday, June 29, 2023 at 7:28:44 AM UTC-7 Kenton Varda wrote:
>
>> Hi v8-dev,
>>
>> We (Cloudflare Workers team) are wondering how V8 feels about the
>> security of the ValueDeserializer API. Do you believe it's safe to parse
>> possibly-malicious input with this? My understanding is that Chrome does
>> not provide any way to input attacker-controlled bytes to the API today, so
>> wasn't sure if it's designed for that.
>>
>> I ask because we'd like to expose V8 serialization in Cloudflare Workers
>> for compatibility with Node.js, which already exposes this. But our threat
>> model is very different from Node, such that we care a lot more about the
>> security of the V8 sandbox.
>>
>> Relatedly, is ValueDeserializer covered by fuzzing today?
>>
>> Thanks,
>> -Kenton
>>
> --
> --
> v8-dev mailing list
> v8-dev@googlegroups.com
> http://groups.google.com/group/v8-dev


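The mutate-then-deserialize check described in the reply above, written against the `node:v8` API quoted in the thread, so an embedder can see how its own build treats corrupted bytes. This is an added example, not code from the thread or from V8; `classify`, `corruptionReport` and the sample object are illustrative names, and it assumes Node.js.

```javascript
// Added example, not code from the thread. CommonJS form of the thread's
// `import { serialize, deserialize } from 'node:v8'`.
const { serialize, deserialize } = require('node:v8');
const { isDeepStrictEqual } = require('node:util');

// Constructed sample value, mirroring the object used in the thread.
const SAMPLE = { a: 'foo' };

// Deserialize one buffer and report what happened (hypothetical helper).
//   'rejected'  - deserialize() threw a catchable exception (graceful failure)
//   'same'      - bytes were accepted and decode to the original value
//   'different' - bytes were accepted but decode to some other value
function classify(bytes, original) {
  let value;
  try {
    value = deserialize(bytes);
  } catch (err) {
    return 'rejected';
  }
  return isDeepStrictEqual(value, original) ? 'same' : 'different';
}

// Corrupt the serialized form one byte at a time (every position, every
// other byte value), then try every truncation that keeps the 2-byte header.
function corruptionReport(original) {
  const clean = serialize(original);
  const mutations = { rejected: 0, same: 0, different: 0 };
  for (let i = 0; i < clean.length; i++) {
    for (let b = 0; b < 256; b++) {
      if (b === clean[i]) continue;
      const mutated = Buffer.from(clean); // fresh copy per mutation
      mutated[i] = b;
      mutations[classify(mutated, original)]++;
    }
  }
  const truncations = { rejected: 0, same: 0, different: 0 };
  for (let len = 2; len < clean.length; len++) {
    truncations[classify(clean.subarray(0, len), original)]++;
  }
  return { byteLength: clean.length, mutations, truncations };
}

// A hard crash of the process here, instead of a tally, is the kind of
// bug the reply asks to have reported.
console.log(corruptionReport(SAMPLE));
```

A nonzero `different` count is expected: a changed byte inside a string still decodes, so an exception-free result only means the bytes were well-formed, not that they are the bytes that were stored.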