Is NaCl hardened against memory corruption?


Arnie

May 4, 2017, 12:57:53 AM
to Native-Client-Discuss
Hi everyone!

I would like to know if the Native Client architecture has any measures in place to prevent or minimize the impact of memory corruption caused by programming errors.

1. Can Chrome apps and extensions that use NaCl/PNaCl interact with each other in any way?
2. If one app/extension crashed due to memory corruption, would that also affect other extensions or the correct operation of the Chrome browser? I know that Chrome employs multi-process architecture to avoid this problem but from what I understand, NaCl also makes use of shared memory. Am I wrong to think that if the shared memory got corrupted then all NaCl processes and the Chrome browser would be affected?
3. Are there any additional measures in place to prevent or minimize memory corruption in case of ChromeOS compared to other operating systems?

Floh

May 4, 2017, 3:45:00 AM
to Native-Client-Discuss
Not allowing memory accesses outside its own sandbox is the whole point of NaCl, I think :) Of course you're free to corrupt your own memory (inside the sandbox), but every NaCl instance should be completely isolated. I think the details are in this paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/34913.pdf

You can interact with the outside world by sending and receiving messages, but not through direct memory access.

I don't know if any of the NaCl security features affect ChromeOS as a whole.
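The two points made in the reply above (a module can corrupt its own memory but nothing outside its sandbox, and it talks to the outside only by messages that are copied, not shared) can be seen in a small C model of the software-fault-isolation idea NaCl is built on. This is an added illustration written for this thread, not code from NaCl or from either poster. Real NaCl validates the module's machine code so that every load and store is confined to one contiguous region (on x86-64 by address masking plus guard pages, on x86-32 by segment registers); the model below shrinks that region to a power-of-two arena and masks every sandboxed access into it. The names `sandbox`, `sbx_store8`, `sbx_load8`, `host_receive` and `host_state` are hypothetical and exist only for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/*
 * Toy model of NaCl-style software fault isolation (SFI). Added example,
 * not NaCl's own code; all identifiers here are hypothetical.
 * The untrusted module sees one contiguous arena. Every load/store it makes
 * is masked into that arena, so any address it computes, however wrong,
 * still lands inside its own memory.
 */

#define ARENA_SIZE (1u << 16)          /* 64 KiB model region (NaCl x86-64 uses 4 GiB) */
#define ARENA_MASK (ARENA_SIZE - 1u)

struct sandbox {
    uint8_t *arena;                    /* the only memory the untrusted module can reach */
};

/* Trusted (browser-side) state that lives outside the arena. */
static uint8_t host_state[64];

/* Masking rather than a bounds check: there is no branch a bug could skip.
 * Any 64-bit address the module computes is reduced to an arena offset. */
static void sbx_store8(struct sandbox *s, uint64_t addr, uint8_t v) {
    s->arena[addr & ARENA_MASK] = v;
}
static uint8_t sbx_load8(const struct sandbox *s, uint64_t addr) {
    return s->arena[addr & ARENA_MASK];
}

/* Host-side message receive: copies at most cap bytes out of the sandbox through
 * masked loads. The host works on its own copy, never on a pointer into the arena. */
static size_t host_receive(const struct sandbox *s, uint64_t addr, size_t len,
                           uint8_t *out, size_t cap) {
    size_t n = len < cap ? len : cap;
    for (size_t i = 0; i < n; i++) out[i] = sbx_load8(s, addr + i);
    return n;
}

static int sandbox_init(struct sandbox *s) {
    s->arena = calloc(ARENA_SIZE, 1);
    return s->arena != NULL;
}

/* A module with a classic bug: a 16-byte buffer at the very top of its address
 * space and a loop that writes 64 bytes into it. Returns 1 if host_state is
 * untouched and the excess bytes wrapped into the module's own low addresses. */
int overflow_stays_inside_sandbox(void) {
    struct sandbox s;
    if (!sandbox_init(&s)) return 0;
    memset(host_state, 0xA5, sizeof host_state);

    uint64_t buf = ARENA_SIZE - 16;               /* last 16 bytes of the arena */
    for (uint64_t i = 0; i < 64; i++)
        sbx_store8(&s, buf + i, 0x41);            /* bytes 16..63 overflow the buffer */

    int host_ok = 1;
    for (size_t i = 0; i < sizeof host_state; i++)
        if (host_state[i] != 0xA5) host_ok = 0;

    /* The 48 excess bytes wrapped around to arena[0..47]: self-corruption only. */
    int wrapped = s.arena[0] == 0x41 && s.arena[47] == 0x41 && s.arena[48] == 0x00;

    free(s.arena);
    return host_ok && wrapped;
}

/* Messaging is a copy, not shared memory: once the host has received a message,
 * the module trashing its own memory cannot change what the host already holds.
 * Returns 1 if the host's copy survives. */
int message_is_a_copy(void) {
    struct sandbox s;
    if (!sandbox_init(&s)) return 0;

    const char msg[] = "hello";                   /* constructed sample message */
    uint64_t at = 0x100;
    for (size_t i = 0; i < sizeof msg; i++) sbx_store8(&s, at + i, (uint8_t)msg[i]);

    uint8_t host_copy[32] = {0};
    size_t n = host_receive(&s, at, sizeof msg, host_copy, sizeof host_copy);

    for (uint64_t i = 0; i < ARENA_SIZE; i++)     /* module corrupts all of its own memory */
        sbx_store8(&s, i, 0xFF);

    int ok = n == sizeof msg && memcmp(host_copy, msg, sizeof msg) == 0;
    free(s.arena);
    return ok;
}

int main(void) {
    printf("overflow confined to sandbox: %d\n", overflow_stays_inside_sandbox());
    printf("host message copy intact:     %d\n", message_is_a_copy());
    return 0;
}
```

The masking step is the whole story: the overflow in `overflow_stays_inside_sandbox` is a real bug and does real damage, but only to bytes the module itself owns, which matches "you're free to corrupt your own memory". The host never dereferences a module pointer; it copies bytes out, which is why a later crash or corruption in the module cannot retroactively alter a message the browser side has already taken.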