src/wasmtime/crates/lind-multi-process/src/lib.rs:1094-1096
Module::deserialize_file loads pre-compiled native code from guest-writable paths within the chroot. A malicious guest could replace a .cwasm file and achieve arbitrary native code execution.
Should use Module::from_file unless cwasm files are in a read-only location.
src/wasmtime/crates/lind-multi-process/src/lib.rs:1094-1096Module::deserialize_fileloads pre-compiled native code from guest-writable paths within the chroot. A malicious guest could replace a.cwasmfile and achieve arbitrary native code execution.Should use
Module::from_fileunless cwasm files are in a read-only location.