[cap-talk] Google's Native Client (NaCl)
Mark Seaborn
mrs at mythic-beasts.com
Sun Jan 11 13:45:04 EST 2009
You've probably heard about Google's Native Client (a.k.a. NaCl) which
was announced last month [1]. It looks very promising.

It is a clever hack to get around the lack of sandboxing facilities in
Windows and Linux. It uses x86 segmentation to constrain memory
access (rather like Vx32, which Baldur Johannsson posted about in
November, and also like EROS and L4's "small spaces"). It has a
verifier for x86 code which disallows instructions that would be
unsafe such as syscalls. To ensure that x86 code can be reliably
disassembled, it enforces that all indirect jumps are to
32-byte-aligned addresses, and instructions may not straddle these 32
byte blocks.

Google are aiming this as an alternative or complement to Javascript
for running code inside the Web browser, but it could be used as a
general purpose OS security mechanism.

I am having a go at porting glibc to NaCl [2] in order to make it
easier to port software from GNU/Linux to NaCl. I have got as far as
running a "hello world" test program with dynamic linking with some of
NaCl's checks switched off.

Mark

[1] http://code.google.com/p/nativeclient/
[2] http://lackingrhoticity.blogspot.com/2009/01/what-does-nacl-mean-for-plash.html
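
The verifier rules the post describes (reject unsafe instructions such as syscalls, no instruction straddling a 32-byte block, indirect jumps only to 32-byte-aligned targets, and direct jumps only to instruction starts so the code disassembles reliably), as a toy model in Python. This is an added example, not NaCl's own code: x86 decoding is assumed away by representing each instruction as a (mnemonic, length, operand) tuple with illustrative lengths, and the indirect-jump rule is modelled as the masked-jump sequence NaCl uses, an `and` with ~31 immediately before the jump, which the post does not spell out.

```python
# Added example (not NaCl's own code): a toy model of the verifier rules in the post.
# Instructions are (mnemonic, length, operand) tuples with illustrative lengths, so
# decoding is assumed away; only the rules are checked: no unsafe instructions, no
# straddling of a 32-byte bundle, direct jumps only to instruction starts, and
# indirect jumps only through a register masked to a multiple of 32 just before.
from typing import List, Optional, Tuple

BUNDLE = 32
UNSAFE = {"syscall", "sysenter", "int"}    # instructions that would leave the sandbox
Insn = Tuple[str, int, Optional[object]]  # (mnemonic, length in bytes, operand)


def verify(code: List[Insn]) -> List[str]:
    """Linear sweep over a constructed instruction list; an empty list means accepted."""
    errors: List[str] = []
    starts = set()                 # byte offsets at which an instruction begins
    direct_jumps = []              # (index, target), resolved after the sweep
    addr, prev, prev_addr = 0, None, 0
    for i, (op, length, operand) in enumerate(code):
        end = addr + length
        starts.add(addr)
        if addr // BUNDLE != (end - 1) // BUNDLE:
            errors.append(f"insn {i} ({op}) at {addr} straddles a 32-byte bundle")
        if op in UNSAFE:
            errors.append(f"insn {i} ({op}) at {addr} is not allowed")
        if op == "jmp_reg":
            # Mask ('and reg, ~31') and jump must be adjacent and in one bundle, so
            # control cannot enter between them with an unmasked register value.
            masked = (prev is not None and prev[0] == "and_mask" and prev[2] == operand
                      and prev_addr // BUNDLE == addr // BUNDLE)
            if not masked:
                errors.append(f"insn {i} (jmp *{operand}) at {addr} is not masked")
        if op == "jmp":
            direct_jumps.append((i, operand))
        prev, prev_addr, addr = (op, length, operand), addr, end
    for i, target in direct_jumps:
        if target not in starts:
            errors.append(f"insn {i} jumps to {target}, not an instruction start")
    return errors


# Constructed samples; offsets follow from the lengths.
GOOD = [("mov", 5, None), ("add", 3, None), ("and_mask", 3, "eax"), ("jmp_reg", 2, "eax"),
        ("nop", 9, None), ("nop", 10, None),         # pad to the bundle boundary at 32
        ("xor", 2, None), ("jmp", 5, 32)]            # direct jump to a known start
BAD = [("mov", 5, None), ("syscall", 2, None),       # unsafe instruction at 5
       ("mov", 15, None), ("mov", 9, None),          # ends at 30, next starts at 31
       ("add", 3, None),                             # 31..33 straddles the boundary
       ("jmp_reg", 2, "ecx"),                        # indirect jump with no mask
       ("jmp", 5, 3)]                                # target 3 is mid-instruction
```

`verify(GOOD)` returns an empty list, while `verify(BAD)` reports one violation per deliberate fault.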