| |||||||||||||
There are big difference...There are big difference...Posted Nov 18, 2011 21:54 UTC (Fri) by tpo (subscriber, #25713)In reply to: There are big difference... by Cyberax Parent article: Interview with Andrew Tanenbaum (LinuxFr.org)
khim wrote:
> NaCl does it [code verification] for x86 at machine code level (again with full ANSI C support but with coarser granularity and bigger speed loss).
and Cyberax countered:
> And NaCl still relies on hardware memory protection to contain untrusted code, so it's just a clever way to implement lightweight virtualization on x86. Qemu or VMWare both do similar tricks as well.
If any of you two has pointers to how exactly NaCl (or Qemu or VMWare) achieves to prevent "compartementalized" code within a process from accessing the enclosing rest of the code/data, I'd be interested and thankful to see those pointers (I've checked a bit the nativeclient docu but didn't see anything at first glance).
Thanks,
(Log in to post comments)
The pointers are there... Posted Nov 18, 2011 22:29 UTC (Fri) by khim (subscriber, #9252) [Link] If any of you two has pointers to how exactly NaCl (or Qemu or VMWare) achieves to prevent "compartementalized" code within a process from accessing the enclosing rest of the code/data, I'd be interested and thankful to see those pointers (I've checked a bit the nativeclient docu but didn't see anything at first glance). Well, Qemu, VMWare and NaCl use six different approaches (four because NaCl uses four different, albeit similar, ones). If you want to read more about NaCl your best bet would be research papers, I think. Original NaCl uses hardware support (segment registers), but later version (x86-64, ARM, MIPS) do everything in software. Note that MIPS version is done by some outside people, not by Google so there are no papers yet, only this bug.
|
|||||||||||||