[ozgrakkurt]

Really informative writing thank you.

How secure does this make a binary? For example would you be able to run untrusted binary code inside a browser using a method like this?

Then can websites just use C++ instead of javascript for example?

[amitlimaye]

yes that is the goal though C++ is something i am not targetting in the short term. The idea is to be able to run untrusted binaries in a vm with no kernel. saves memory makes for faster loads and the the bin cannot escape the vm so it can never compromise your host.

[lmz]

They already can use C++ if they want to. Emscripten? Jslinux?

[ozgrakkurt]

I mean just distributing the regular compiled x86_64 binary and then running it as a normal executable on the client side but just using that syscall shim so it is safe.

[direwolf20]

If you think about the fundamentals involved here, what you actually need is for the OS to refuse to implement any syscalls, and not share an address space.

A process is already a hermetically sealed sandbox. Running untrusted code in a process is safe. But then the kernel comes along and pokes holes in your sandbox without your permission.

On Linux you should be able to turn off the holes by using seccomp.

[amitlimaye]

seccomp is a very coarse filter and a very limited action set. think what you could do if you could see the payload of the syscall or change the output of a read syscall depending on agent identity.