LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Gnash, Lightspark, and Shumway

Gnash, Lightspark, and Shumway

Posted Nov 25, 2012 21:35 UTC (Sun) by kripkenstein (subscriber, #43281)
In reply to: Gnash, Lightspark, and Shumway by khim
Parent article: Gnash, Lightspark, and Shumway

You are right that a small sandbox for C++ can be safer than a big one for JS. It's a fact that sandboxing a JS engine is a hard problem, it requires PICs and so forth to be fast.

But the web platform *forces* everyone to have a JS engine. So that work is already done (and the sandboxing is quite good these days). Adding another sandbox is a net increase in vulnerabilities. You can't not have the JS sandbox, but you can not have the C++ one.

Regarding 100x vs 50x - try 6x vs. 3x in modern JS engines on modern codebases.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds