-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathRELEASE_NOTES
87 lines (64 loc) · 3.19 KB
/
RELEASE_NOTES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
RELEASE NOTES
Native Client Release 0.2
Updated: 20 July 2009
This file documents issues known at the time of the release, with an
emphasis on security-related issues (and possibly some neglected
robustness or functionality issues). For the full version/release
number of this release, refer to src/VERSION. For an introduction to
Native Client, see README.html in this directory.
[PENDING: VERSION went missing when we simplified the directory
structure in mid-July. It should return shortly.]
CHANGES SINCE THE PREVIOUS RELEASE
See the project wiki's ReleaseNotes page:
http://code.google.com/p/nativeclient/wiki/ReleaseNotes
BROWSER SUPPORT LIMITATIONS
Native Client supports Firefox 3 on Linux, Windows and MacOS, and
Chrome, Safari and Opera on Windows.
Support for the following browsers is not available at this time:
* Internet Explorer
These browsers are partially supported:
* Camino on MacOS appears to work but has had minimal testing
* Firefox 2 on MacOS: We STRONGLY encourage Mac users to upgrade
their Firefox version to 3 for Native Client. On Firefox 2,
control, command and alt keys are not enabled due to
an eavesdropping vulnerability. Note the control key is used
for firing weapons in Quake.
* Safari on MacOS: However, mouse events don't work.
OPERATING SYSTEM SUPPORT LIMITATIONS
Native Client does not work on 64-bit versions of Windows. Many
versions of 64-bit Windows lack the system call required to set
up protected memory segments. We believe that Native Client works
on 32-bit Vista and Windows XP.
LIMITED VIRTUAL MACHINE SUPPORT
Some virtual machines do not implement the CPUID instruction
correctly. As a result, the Native Client sandbox can be defeated via
an instruction decoder desynchronization attack on certain VMs. We
believe VMWare works properly. The following VMs are known to have
exploitable CPUID implementation defects:
* Parallels
* Qemu
* Xen
NPAPI SUPPORT IS PRELIMINARY
NPAPI was designed (and prior to Native Client *was*) only for trusted
code. As such, we think it is possible there are many exploitable
security problems with the NPAPI API itself and with its current
implementations. Our focus to date for NPAPI has been on functionality
rather than security. We will probably be revising our NPAPI
implementation to make it much more restrictive, and considering
variation between various browser implementations of NPAPI.
OUTER SANDBOX NOT INCLUDED IN THIS RELEASE
Our outer sandbox implementations are not sufficiently stable yet to
be worthy of sharing at this time. Stay tuned!
NO "FRIENDLY" INSTALLERS
Our goal in releasing Native Client at this time is to get feedback
from the security and research community to help us make the system
better, and not to get a large number of users. As such, we don't
provide a consumer-oriented install. Our current installer is
implemented as a part of our build system.
BUILDING GPL EXAMPLES
Neither Quake nor XaoS is provided pre-built, due to GPL license
considerations. We hope to streamline these builds in a future
release.
DOXYGEN REQUIRED TO BUILD DOCUMENTATION
If you discover the MODE=all option to our scons build, and you
don't have doxygen installed, you will not be able to build.