> > Some of you are concerned about the technical challenges in making Native
> > Client secure. So are we, and that's why we are sharing the system in this
> > research release, so the community can review it with a critical eye.
>
> You can't "review in" security for a technology that's inherently
> insecure.
Although I don't want to cast myself as a critic, but have to agree
with the previous sentiment... If you had security concerns from the
beginning, why even go down the path? Do you think the true
exploiters will be so kind as to give you the exploit? If I found an
exploit(and if I was an exploiter), I'm holding on to it, hoping it is
not caught until this thing is released.
I just learned of native client today and glanced through the
whitepaper. I am confused as to how replacing all jmp statements with
your own is reliable. Why can't someone just modify their own
compiler NOT to do this, linking in all the other code to make a
program look like a valid NaCl implementation?
Where is the real security implemented? At compile-time or run-time?
Relying on compile-time compliance to your rules is prone to error and
exploit in my opinion. I think in order to give a real educated
opinion I need to do more research, but I probably won't spend much
time on it.
Is there any real documentation as to how it works? I was a little
frustrated that I couldn't find good information within a couple of
hours, other than a long and speculative whitepaper, and the source
code of course.
I am naturally concerned about developing a product that intends to
directly challenge exploiters, instead of not even letting them on the
playing field.
Also I love the end of the paper that aligns NaCl as similar to
ActiveX. Basically it said that Microsoft couldn't do it, but we can!