| OLD | NEW |
| (Empty) |
| 1 About | |
| 2 ===== | |
| 3 | |
| 4 This is a prototype for plumbing Mojo into the NaCl sandbox. It is currently | |
| 5 insecure (see below), and does not support Mojo functions that return pointers | |
| 6 (for example, `MojoMapBuffer`). | |
| 7 | |
| 8 Currently, SFI NaCl support is not being actively developed, in favor of | |
| 9 non-SFI NaCl support. | |
| 10 | |
| 11 Using | |
| 12 ===== | |
| 13 | |
| 14 The SFI NaCl and accompanying tests should be built by default for Linux. | |
| 15 The boolean indicating if they are built is "mojo_use_nacl", defined inside | |
| 16 the BUILD files. | |
| 17 | |
| 18 This should create a "monacl_shell" executable, capable of running standalone | |
| 19 SFI nexes. | |
| 20 | |
| 21 Additionally, it will create a content handler for SFI nexes -- any Nexe | |
| 22 with the line "#!mojo mojo:nacl_content_handler" prepended to it will be | |
| 23 redirected to the SFI content handler when run with the "mojo_shell". | |
| 24 | |
| 25 | |
| 26 Notes | |
| 27 ===== | |
| 28 | |
| 29 `nacl_bindings_generator/interface.py` contains a programmatic description of | |
| 30 the stable Mojo interface. This will need to be updated as the interface | |
| 31 changes. Run `nacl_bindings_generator/generate_nacl_bindings.py` to generate | |
| 32 the bindings that plumb this interface into the NaCl sandbox. | |
| 33 | |
| 34 Security TODO | |
| 35 ============= | |
| 36 | |
| 37 * Validate and copy option structures. | |
| 38 * Protect untrusted buffers passed into Mojo: | |
| 39 * `NaClVmIoWillStart/HasEnded`. | |
| 40 * volatile accesses to untrusted memory (untrusted code could race). | |
| 41 * Overflow checking in array bounds validation. | |
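Review bot: The Security TODO at OLD lines 34-41 is the only place this page records the open sandbox-boundary work (validating and copying option structures, bracketing access to untrusted buffers with `NaClVmIoWillStart/HasEnded`, volatile accesses because untrusted code could race, and overflow checking in array bounds validation). The NEW column is empty, so the list disappears together with the file. If the bindings generated by `nacl_bindings_generator/generate_nacl_bindings.py` remain in the tree, move these items to a tracked bug or to the README of the code that replaces this directory, so that the "currently insecure" caveat from lines 4-5 stays attached to the code it describes. If the code is being removed as well, say so in the change description. Separately, line 15 says `mojo_use_nacl` is "defined inside the BUILD files" without naming the file, which is worth making specific wherever this text ends up.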