Main thread crases when NaCl Thread crashes

[Matze]

Hello,

my program creates several NaCl-Sandboxes with 

NaClCreateMainThread(&app, 0, NULL, NULL))

like in the mutiple_sandbox test to run untrusted applications.

If one of the Application has an error like dividing through 0 the complete program is crashing with SIGFPE.

Should such errors not be isolated? How can i avoid my complete Application from crashing?

Tanks in advance.

[KnoooW]

Does it crash when SIGFPE with only one thread ? I think if you have not exception handler, it should crash.

[Matze]

I'm not sure what you mean, maybe you have misunderstood my question.

I have some kind of server program which starts one sandboxed application in an extra thread with NaClCreateMainThread.

Now the untrusted software, which runs in the sandbox is not controlled by me and it is maybe malicious or has an error.

For an test I created an nacl-application which causes a divided by zero error. 

When i load this application, the whole program crashes.

So do I have to write an exception handling around the NaClCreateMainThread? I don't think this would work in a threaded environment.

What kind of exception handling would you suggest to catch exception from other threads?

Or am I creating the thread on a completely wrong way?

[Roland McGrath]

Most of the runtime has really been designed with the model in mind that when a sandbox crashes, the whole process will crash.  You may find it difficult to close all the holes in the scenario you are trying to support.  You can try changing the way the signal handlers work, but there are probably going to be other issues.

[Matze]

So the best way would be to create a process for each sandbox and start the thread there.

Are there any other requirements to start a save NaCl sandbox or is it safe to start it in the way of the multiple_sandbox test.