[cap-talk] Google's Native Client (NaCl)

Toby Murray toby.murray at comlab.ox.ac.uk
Tue Oct 6 03:50:18 EDT 2009

2009/10/5 Sam Mason <sam at samason.me.uk>

> On Mon, Oct 05, 2009 at 09:02:26PM +0000, Karp, Alan H wrote:
> > Sam Mason wrote:
> > > I don't think compatibility was ever going to be much of a focus with
> > > it; I think it's more about bringing ocap security to the world of
> > > web-browser plugins.
> >
> > Minor point.  I don't recall seeing anything to indicate that NaCl
> > uses capabilities.
> It's structure seemed a very capability-like design to me.  It starts
> confined and communication to and from a nativeclient seems through a
> "NaCl socket", it's the calling code's choice which other NaCl modules
> it sees, and so on.  The original paper[1] says:
>  NaCl resource descriptors are analogous to capabilities in systems
>  such as EROS.
> or am I getting blinded by the detail?
> No I think you're spot on. Mark Seaborn (of Plash) has done a bit of
thinking about NaCl and capability-like confinement and has even gotten the
python interpreter running under a modified nacl, see e.g.


I don't know if any of this has been picked up upstream.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.eros-os.org/pipermail/cap-talk/attachments/20091006/ada6f712/attachment.html 

More information about the cap-talk mailing list