On 2013-07-12 2:33 PM, Patrick Walton wrote:
> Servo is *also* designed to be amenable to OS sandboxing, so that processes compromised via unsafe code or the JIT can be stopped from taking over the system. In general, although we don't have fine-grained sandboxing today, we try to specify the interface so that we can add process-level sandboxing in the future and keep most of the code intact. Rust's type system helps a lot here by carefully circumscribing where memory can be shared. Single-process shared-nothing message passing designs should be able to be readily ported to multi-process designs.
Can you please talk a bit more about what facilities Rust provides for OS level sandboxing? This seems very interesting.
> Of course, Gecko can do the latter with e10s, but the viability of e10s is not certain on desktop, as I understand things (though please correct me if I'm wrong).
We have a plan of action right now, and work is under way based on that. There are no fundamental reasons why e10s on desktop should not be viable (we have a few other engines as examples of the feasibility of this approach), but of course it is a huge engineering task.
Cheers,
Ehsan

_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
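The shared-nothing, message-passing design Patrick describes above, as an added example in modern Rust that is not Servo's code and not part of the original thread. A "content task" that does untrusted work (here a trivial parse) talks to the main side only through channels carrying owned values. The `Request`/`Response` types and the `assert_shared_nothing` helper are illustrative names chosen for this example; the point is that the `Send + 'static` bound is what the type system uses to circumscribe sharing, so a type holding `Rc` or a borrowed reference will not compile as a message, and a protocol that passes this check is one that can later be carried across a process boundary with a serialization layer added.

```rust
// Added example (not Servo code): a shared-nothing, message-passing design in
// modern Rust. The two sides exchange only owned, Send values over channels,
// so the same protocol could later be moved across a process boundary.
use std::sync::mpsc::{self, Receiver, Sender};
use std::thread;

/// Requests from the main (chrome) side to a sandboxable content task.
/// Each variant owns its data: no references, no Rc, no raw pointers.
#[derive(Debug)]
pub enum Request {
    /// Parse an untrusted byte string. The content task is handed a copy,
    /// never a pointer into the caller's memory.
    Parse(Vec<u8>),
    Shutdown,
}

/// Replies sent back to the main side.
#[derive(Debug, PartialEq)]
pub enum Response {
    Parsed { bytes: usize, lines: usize },
}

/// Compile-time check that a message type cannot alias memory across the
/// boundary: `Send + 'static` rejects borrowed references and `Rc`.
/// (A cross-process port would add a serialization bound here.)
fn assert_shared_nothing<T: Send + 'static>() {}

/// The work done on the untrusted side: a pure function of the request.
/// Returns `None` when the task should stop.
pub fn handle(req: &Request) -> Option<Response> {
    match req {
        Request::Parse(bytes) => Some(Response::Parsed {
            bytes: bytes.len(),
            lines: bytes.iter().filter(|&&b| b == b'\n').count(),
        }),
        Request::Shutdown => None,
    }
}

/// Spawn the content task. It owns its receiver and sender and nothing else,
/// so the only way data crosses the boundary is through the two channels.
pub fn spawn_content_task() -> (Sender<Request>, Receiver<Response>) {
    assert_shared_nothing::<Request>();
    assert_shared_nothing::<Response>();
    let (req_tx, req_rx) = mpsc::channel::<Request>();
    let (resp_tx, resp_rx) = mpsc::channel::<Response>();
    thread::spawn(move || {
        for req in req_rx {
            match handle(&req) {
                Some(resp) => {
                    // Main side went away: nothing more to do.
                    if resp_tx.send(resp).is_err() {
                        break;
                    }
                }
                None => break,
            }
        }
    });
    (req_tx, resp_rx)
}

/// Round-trip one document through the content task and return its reply.
pub fn parse_via_task(doc: &[u8]) -> Response {
    let (tx, rx) = spawn_content_task();
    tx.send(Request::Parse(doc.to_vec())).expect("content task alive");
    let resp = rx.recv().expect("content task replied");
    let _ = tx.send(Request::Shutdown);
    resp
}

fn main() {
    // Constructed sample input for the stand-alone run.
    let doc = b"<html>\n<body>hi</body>\n</html>\n";
    println!("{:?}", parse_via_task(doc));
}
```

Changing `Parse(Vec<u8>)` to `Parse(std::rc::Rc<Vec<u8>>)` makes `assert_shared_nothing::<Request>()` fail to compile, because `Rc` is not `Send`; that is the "carefully circumscribing where memory can be shared" property in practice. Moving the task into a separate sandboxed process would replace the `mpsc` channels with a pipe or socket plus serialization of `Request` and `Response`, and `handle` would stay as it is.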