From 2006 to 2010, my primary role at Google was JavaScript execution in the indexing pipeline. I knew I was likely executing every known JavaScript engine exploit out there plus a good number of 0-days, and ran the JavaScript engine in a single-threaded subprocess with a greatly restricted set of allowed system calls.

Certainly the right combination of kernel zero-days and JS interpreter exploits could be used to take over the machine, but it would be non-trivial.



> ran the JavaScript engine in a single-threaded subprocess with a greatly restricted set of allowed system calls.

You were trying to sandbox the JS engine rather than using disposable VMs?



