DEV Community

loading...

Discussion on: How AWS Lambda Works Under The Hood

Collapse
newworldman profile image
BP

This is very interesting. Is there a chance corrupted code gets copied into these VMs, and stays in memory, even after the VMs get shut down in Firecracker?

Collapse
oliverjumpertz profile image
Oliver Jumpertz Author

It's pretty difficult, if not impossible to make that happen. Firecracker creates its microVMs with KVM, which is a Linux Kernel feature.

It was first merged into the kernel in 2007, and thus had a lot of time to to be penetration tested.

Additionally, the VMs created only run with a very limited device set (even the keyboard device is only implemented to shut down the VM).

So overall those VMs are pretty safe, and even if you manage to get corrupted code into the VM, the likelyhood of it being able to break something is very low. But of course, the chances are never zero that someone still finds a way. 😊

Collapse
newworldman profile image
BP

Oh, ok, thank you. I was wondering from the standpoint of something not working correctly, maybe contributing to a constant CORS error, but perhaps that wouldn't happen.