Use WASI and WebAssembly to Make Applications More Secure

In this Shortcut, I’ll continue the discussion I began in the “Use Emscripten and WebAssembly to Do File I/O in the Browser” and “Use WASI and WebAssembly to Make Applications Portable” Shortcuts. If you have not read those, I encourage you to go back and do so. We are going to revisit a C++ application that copies a file, but we’ll consider it in a new, more secure environment. WASI makes applications portable by allowing a host environment to provide expected functionality in a variety of runtimes through its interfaces. In the mentioned Shortcuts, this included running a C++ application in a browser. WASI also allows us to strengthen our security profile by restricting access to that functionality under different circumstances. In this Shortcut, I am going to introduce a WASI-based open source environment called Wasmtime.

In the GitHub repository for this Shortcut, you should enter the directory 18-Wasi. This contains copy.cpp, the same file we used in the aforementioned Shortcuts. It is reused here for convenience and clarity:

#include <fstream> #include <iostream> using namespace std; int main() { string line; ifstream infile("copy.cpp"); ofstream outfile("copy.txt"); if( infile && outfile ) { while (getline(infile, line)) { outfile << line << "\n"; } cout << "Done\n"; } else { printf("File is not readable"); } infile.close(); outfile.close(); return 0; ...