Should we be porting Firefox or Chromium? Chromium is already designed to use sandboxing. Also, given the critical security role of web browsers, it seems most logical to heavily modify whichever browser we port to take full advantage of Genode's security features. On Jan 1, 2016 6:44 AM, "Guido Witmond" <guido@...231...> wrote:
On 12/22/15 13:28, Norman Feske wrote:
First, congrats on getting the Turmvilla scenario to work so well. Please make that easy to repeat for others.
I'll also like to encourage the team to continue on the SeL4 kernel. Although each of the other kernels, NOVA, Fiasco, etc are probably more secure than any Linux or BSD ever can be, the fact that these are little known doesn't offer the confidence that these are actually better choice. Building on top of SeL4, that has that reputation, could boost the perception of Genode being a viable alternative to Linux/BSD in the minds of a larger public.
This year, I'll go forward in my quest to get a web server running on Genode in production.
For that my wish list is:
- better ways to debug the system;
- removal of the catchall's that hide information;
- insight into process' activities: * where's my CPU being
eaten; * who's talking to whom, or who stopped talking;
- IPv6; what's a website without it these days;
When that works, I'll focus on getting my Go-lang programs running. These programs manage private keys and certificates and maintain state in a sqlite3 database.
With that, my year will be full :-)
In other thoughts, having a throwaway distro like Tails on top of Genode is a great idea. It would certainly get Genode on the radar of security-minded people.
However, as I see it, the kernel is the least of the worries. It's the monolitic nature of Firefox that needs to be tamed. The real power of Genode comes, imho, from splitting monolitic programs into separate sandboxes.
The low hanging fruit: split off image parsing into a separate process. This process receives a stream of data and returns a memory space with a bit-blittable image that can be copied to the frame buffer.
More challenging would be to break Firefox into more and more smaller parts with the ulimate goal: Every parser into its own sandbox.
I'd love to see Genode provide the mechanisms and support to make breaking up monolitic programs easily. That's where it's power shines.
Or am I preaching to the choir?
Cheers, Guido.
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main