OLD | NEW |
| (Empty) |
1 About | |
2 ===== | |
3 | |
4 This is a prototype for plumbing Mojo into the NaCl sandbox. It is | |
5 currently insecure (see below), does not provide a stable ABI (IRT | |
6 support must be added), and does not support Mojo functions that | |
7 return pointers (for example, `MojoMapBuffer`). | |
8 | |
9 | |
10 Using | |
11 ===== | |
12 | |
13 To use this prototype, point your `.gclient` file to `DEPS.nacl` instead | |
14 of `DEPS` and then run `gclient sync`. | |
15 | |
16 When you run `mojo/tools/mojob.py gn`, add `--nacl` to the command line. | |
17 | |
18 Run `mojo/tools/mojob.py nacltest` for additional nacl-specific tests. | |
19 | |
20 | |
21 Notes | |
22 ===== | |
23 | |
24 `generator/interface.py` contains a programmatic description of the | |
25 stable Mojo interface. This will need to be updated as the interface | |
26 changes. Run `generator/generate_nacl_bindings.py` to generate the | |
27 bindings that plumb this interface into the NaCl sandbox. | |
28 | |
29 | |
30 Security TODO | |
31 ============= | |
32 | |
33 * Separate trusted and untrusted Mojo handles. | |
34 * Validate and copy option structures. | |
35 * Protect untrusted buffers passed into Mojo: | |
36 * `NaClVmIoWillStart/HasEnded`. | |
37 * volatile accesses to untrusted memory (untrusted code could race). | |
38 * Overflow checking in array bounds validation. | |
39 | |
OLD | NEW |