Nebulet: A Rust Microkernel Running WebAssembly In Ring 0
No software is ever bug free, doing this in a manner that is 100% safe is a pipe dream. Even if it was not, why risk it? Just keep loserspace code in its place.
How is Nebulet related to Mozilla? Yes it is written in the language made by Mozilla but besides that I don't see any connection.
Please read the article again
Originally posted by phoronix
While the idea of running WebAssembly in ring 0 may cause security shivers, Mozilla at least believes it can be done safely if the WebAssembly is verified as well as taking optimization steps to ensure no reading/writing outside of its assigned linear memory. Other steps/optimizations are also taken to reduce possible vulnerabilities.
Meltdown proved that hardware memory protection in some CPUs (not AMD, but not only Intel either) is faulty; this OS is not affected because it does not use that feature.
Well, in the same sense that a motorcycle doesn't suffer from failed seat belts and air bags... Sure.
Can someone explain to me why this is only possible with WebAssembly? If I understand it correctly, the WebAssembly language itself does not support reading or writing to memory locations that are not assigned to the application. If that's true, then programs would not have to be checked, because they are safe by design. But the GitHub repo says the WebAssembly code is still verified. Why? And:
- is WebAssembly seriously the first language to provide this safety?
- does this mean that on a computer running this kernel, the only native program will be the kernel itself, and the rest has to be written in WebAssembly, or interpreted by a program written in WebAssembly?
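
The check this thread keeps returning to (every load and store confined to a module's assigned linear memory), as an added example that is not part of any post and is not Nebulet's code; `LinearMemory`, `Trap` and the method names are hypothetical. It covers the case where a 32-bit address plus offset would wrap around and slip past a naive comparison.

```rust
// Added illustration: `LinearMemory` and `Trap` are hypothetical names,
// not Nebulet's or any WebAssembly runtime's API.
use std::ops::Range;

#[derive(Debug, PartialEq)]
pub enum Trap {
    OutOfBounds,
}

/// One module's linear memory: the only bytes its loads and stores may touch.
pub struct LinearMemory {
    bytes: Vec<u8>,
}

impl LinearMemory {
    pub fn new(size: usize) -> Self {
        LinearMemory { bytes: vec![0; size] }
    }

    /// Resolve an access (32-bit dynamic address + static offset) to a byte range, or trap.
    fn range(&self, addr: u32, offset: u32, len: usize) -> Result<Range<usize>, Trap> {
        // Widen to u64 first: addr + offset can exceed u32::MAX, and a wrapped
        // 32-bit sum would pass a naive `< size` comparison.
        let start = addr as u64 + offset as u64;
        let end = start.checked_add(len as u64).ok_or(Trap::OutOfBounds)?;
        if end > self.bytes.len() as u64 {
            return Err(Trap::OutOfBounds);
        }
        Ok(start as usize..end as usize)
    }

    pub fn load_u32(&self, addr: u32, offset: u32) -> Result<u32, Trap> {
        let r = self.range(addr, offset, 4)?;
        let mut buf = [0u8; 4];
        buf.copy_from_slice(&self.bytes[r]);
        Ok(u32::from_le_bytes(buf))
    }

    pub fn store_u32(&mut self, addr: u32, offset: u32, value: u32) -> Result<(), Trap> {
        let r = self.range(addr, offset, 4)?;
        self.bytes[r].copy_from_slice(&value.to_le_bytes());
        Ok(())
    }
}

fn main() {
    let mut mem = LinearMemory::new(65536); // constructed sample: one 64 KiB page
    mem.store_u32(16, 0, 0xdead_beef).unwrap();
    println!("{:x?}", mem.load_u32(12, 4)); // in bounds
    println!("{:?}", mem.load_u32(65533, 0)); // straddles the end of memory
    println!("{:?}", mem.load_u32(u32::MAX, 8)); // would wrap in 32-bit arithmetic
}
```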
Has threading and verifies if it accesses the memory region intended for it.
Show me this magic, I need it in my ring 3 code.
In safe Rust, memory can't be shared, mutable and concurrent all at the same time (it can be shared + mutable, mutable + concurrent or concurrent + shared, but this is safe).