Should we be porting Firefox or Chromium? Chromium is already designed to use sandboxing. Also, given the critical security role of web browsers, it seems most logical to heavily modify whichever browser we port to take full advantage of Genode's security features.
On 12/22/15 13:28, Norman Feske wrote:
First, congrats on getting the Turmvilla scenario to work so well.
Please make that easy to repeat for others.
I'd also like to encourage the team to continue on the seL4 kernel.
Although each of the other kernels, NOVA, Fiasco, etc., are probably more
secure than any Linux or BSD ever can be, the fact that these are little
known doesn't offer the confidence that these are actually a better
choice. Building on top of seL4, which has that reputation, could boost
the perception of Genode being a viable alternative to Linux/BSD in the
minds of a larger public.
This year, I'll go forward in my quest to get a web server running on
Genode in production.
For that my wish list is:
- better ways to debug the system;
- removal of the catch-alls that hide information;
- insight into process' activities:
  * where's my CPU being eaten;
  * who's talking to whom, or who stopped talking;
- IPv6; what's a website without it these days;
When that works, I'll focus on getting my Go-lang programs running.
These programs manage private keys and certificates and maintain state
in a sqlite3 database.
With that, my year will be full :-)
In other thoughts, having a throwaway distro like Tails on top of Genode
is a great idea. It would certainly get Genode on the radar of
security-minded people.
However, as I see it, the kernel is the least of the worries. It's the
monolithic nature of Firefox that needs to be tamed. The real power of
Genode comes, imho, from splitting monolithic programs into separate
sandboxes.
The low hanging fruit: split off image parsing into a separate process.
This process receives a stream of data and returns a memory space with a
bit-blittable image that can be copied to the frame buffer.
More challenging would be to break Firefox into more and more smaller
parts with the ultimate goal: Every parser into its own sandbox.
I'd love to see Genode provide the mechanisms and support to make
breaking up monolithic programs easy. That's where its power shines.
Or am I preaching to the choir?
Cheers, Guido.
------------------------------------------------------------------------------
_______________________________________________
genode-main mailing list
genode-main@...12...ceforge.net
https://lists.sourceforge.net/lists/listinfo/genode-main
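
The image-parser split proposed in the message above, as an added example that is not part of the original thread and is not Genode code. It assumes an ordinary OS process as a stand-in for a Genode component, a constructed binary-PPM input format, and hypothetical names (DECODER, decode_isolated, MAX_DIM); a process boundary alone is not a sandbox, so the child would still need its capabilities restricted.

```python
import struct
import subprocess
import sys

# Decoder run in a separate process. It sees only stdin/stdout, never the
# caller's memory. Constructed format: binary PPM ("P6 W H 255" + RGB bytes).
DECODER = r'''
import re, struct, sys
data = sys.stdin.buffer.read()
m = re.match(rb"P6\s+(\d+)\s+(\d+)\s+255\s", data)
if not m:
    sys.exit(1)
w, h = int(m.group(1)), int(m.group(2))
rgb = data[m.end():]
if len(rgb) != w * h * 3:
    sys.exit(1)
rgba = b"".join(rgb[i:i + 3] + b"\xff" for i in range(0, len(rgb), 3))
sys.stdout.buffer.write(struct.pack("<II", w, h) + rgba)
'''

MAX_DIM = 4096  # assumed upper bound the frame-buffer owner will accept


def decode_isolated(untrusted, timeout=5.0):
    """Return (width, height, rgba) or None. The caller never parses the input."""
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", DECODER],
                              input=untrusted, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None  # a hung decoder costs one child process, not the browser
    reply = proc.stdout
    if proc.returncode != 0 or len(reply) < 8:
        return None
    # The reply comes from a possibly compromised decoder: check it before blitting.
    w, h = struct.unpack_from("<II", reply)
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM) or len(reply) - 8 != w * h * 4:
        return None
    return w, h, reply[8:]


# Constructed sample input: a 2x1 image, one red and one blue pixel.
SAMPLE = b"P6 2 1 255\n" + bytes([255, 0, 0, 0, 0, 255])

if __name__ == "__main__":
    print(decode_isolated(SAMPLE))
    print(decode_isolated(b"P6 2 2 255\n\x00"))  # truncated pixel data
```

The caller trusts neither the input nor the decoder's reply: the only thing that crosses back is a length-checked pixel buffer.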