Not many people are right now aware of this but Google has an ongoing effort which is no less than brilliant: A plugin which allows execution of binary x86 code inside the browser. And it really looks secure!
http://code.google.com/p/nativeclient
How does it work? (Skip this if you want to see my announcement further down)
You should read the whitepaper first to get a grip of the security model. The concepts are a modified gcc which changes the assembler code a bit to make jumps, branches etc. more visible and a code veryfier that simple chews the binary's machine code and dissallows it if any kind of x86 construction does not adhere to a simple ruleset making it very transparent what actions the code takes (hence the need to use a modified gcc. The security relies on the veryfier, not the use of a particular gcc).
On top of that they confine the binary in as much as two security layers, which I guess is using the usual OS tricks for containment and which only lets through a very limited set of system calls all being captured and dealt with in the plugin's lowest layer, not in the running system kernel of course.
The sum of this is that you can compile any statically linked binary which only uses that limited set of system calls and run it in the browser. At the moment you cannot open files from the local machine, neither can you use OpenGL and lots of other things quite impossible. Instead you get a very limited SDL-like interface to showing graphics and getting user input and a few other things: http://nativeclient.googlecode.com/svn/ ... index.html
The nice thing about this is that once the user has installed that plugin, they will not have to be presented with any further hassle to download and run binaries inside the plugin.
Irrlicht for Google Native Client
... And yes, I have taken the liberty to hack a version of Irrlicht together which works using the software renderer inside the plugin. The tested examples work as well
http://groups.google.com/group/native-c ... 1a3cfd2dfe#
The latest instructions from that mail is here...
Code: Select all
Prepare:
cd <nacl>/googleclient/native_client/tests
wget http://atomicmonstergirls.net/work/nacl/nacl-irrlicht-0.5.tar.gz
tar -xzf nacl-irrlicht-0.4.tar.gz
cd irrlicht
./Irrlicht-Setup-and-Patch.sh
Build:
./Irrlicht-Build.sh
Run:
firefox testirrlicht.htmlSince the software renderes aren't amongst the fastest, I'm working now and then on a faster software renderer. But in the long run, I'm quite convinced that Google will add an OpenGL interface to the API. I just couldn't wait..
Best regards,
Rene Jensen / centipede
EDIT: Screenshots: http://atomicmonstergirls.net/work/nacl ... shot01.png
