| OLD | NEW |
| (Empty) | |
| 1 About |
| 2 ===== |
| 3 |
| 4 This is a prototype for plumbing Mojo into the NaCl sandbox. It is currently |
| 5 insecure (see below), and does not support Mojo functions that return pointers |
| 6 (for example, `MojoMapBuffer`). |
| 7 |
| 8 Currently, SFI NaCl support is not being actively developed, in favor of |
| 9 non-SFI NaCl support. |
| 10 |
| 11 Using |
| 12 ===== |
| 13 |
| 14 The SFI NaCl and accompanying tests should be built by default for Linux. |
| 15 The boolean indicating if they are built is "mojo_use_nacl", defined inside |
| 16 the BUILD files. |
| 17 |
| 18 This should create a "monacl_shell" executable, capable of running standalone |
| 19 SFI nexes. |
| 20 |
| 21 Additionally, it will create a content handler for SFI nexes -- any Nexe |
| 22 with the line "#!mojo mojo:nacl_content_handler" prepended to it will be |
| 23 redirected to the SFI content handler when run with the "mojo_shell". |
| 24 |
| 25 |
| 26 Notes |
| 27 ===== |
| 28 |
| 29 `nacl_bindings_generator/interface.py` contains a programmatic description of |
| 30 the stable Mojo interface. This will need to be updated as the interface |
| 31 changes. Run `nacl_bindings_generator/generate_nacl_bindings.py` to generate |
| 32 the bindings that plumb this interface into the NaCl sandbox. |
| 33 |
| 34 Security TODO |
| 35 ============= |
| 36 |
| 37 * Validate and copy option structures. |
| 38 * Protect untrusted buffers passed into Mojo: |
| 39 * `NaClVmIoWillStart/HasEnded`. |
| 40 * volatile accesses to untrusted memory (untrusted code could race). |
| 41 * Overflow checking in array bounds validation. |
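Review bot: In the About section (new lines 4-5), "insecure (see below)" does not name the section it points to or say what the exposure is, and the Security TODO (new lines 34-41) lists work items without stating the consequence. Suggest referring to "Security TODO" by name and adding one sentence there saying that, until these items are done, option structures and untrusted buffers are passed into Mojo without the validation, copying and overflow-checked bounds the list calls for, so `monacl_shell` and the content handler should only be run on trusted nexes. Two smaller points: if new lines 39-40 are meant as sub-items of "Protect untrusted buffers passed into Mojo", indent them so they render nested, and in Using, "defined inside the BUILD files" should name the file that defines "mojo_use_nacl".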