by b0
5073 days ago
Excuse my ignorance on the matter, but you make yourself look immature, arrogant and patronising, and this does no credit to your project or yourself. So basically, NaCl:

1. Validates the binary image. Of course that validation has no holes in it. When it does it...
2. Stops unsafe operations. Of course it never misses any and knows every instruction side effect...
3. Oh wait...

I'd put cash on someone breaking the sandbox, I mean after all it's perfect isn't it: http://www.matasano.com/research/NaCl_Summary-Team-CJETM.pdf

You can't build a flawless sandbox on top of a system by closing the holes one by one, especially on x86/x86-64. The number of edge cases is immense.
As for the strawman in your latest comment, no one made any claims of "a flawless sandbox." I rightly pointed out that the security model of NaCl is far more robust, and you've offered nothing to counter that. Now, of course, software is going to have bugs, and the ones listed in that paper are significant. Fortunately, no combination of those bugs could have breached the outer sandbox, nor would they have represented a real-world system compromise.

The origin of that paper also circles back to a very important point. We realize that we need to attack security from many different angles (fuzzing, sandboxing, bounty programs, etc.). And the paper you cited was actually the result of a Google-sponsored competition in 2009 against a pre-release version of NaCl. The authors were the second-place winners, and have continued to research NaCl's security both as independent researchers and as paid consultants. (One of them is actually presenting at Black Hat on NaCl security this week.)
My point here is that an objective read of the paper really paints NaCl very positively from a security perspective. Had you actually looked at the content rather than just made an assumption based on the title you would have been aware of that.