5

Since Google NaCl is C++, will I be able to access the file system somehow? That's pretty much needed if I am to create a game or a desktop app.

Tower
  • Preventing a program from doing this is what NaCl is all about. You'll only have access to an isolated storage area of the disk. Very similar to HTML5's localStorage object. – Hans Passant Dec 10 '11 at 14:54
  • 1
    @HansPassant You mean HTML5's FileSystem? localStorage is quite different. Anyway, so NaCl does not provide this functionality. Then I guess we need to wait for some other alternatives. – Tower Dec 10 '11 at 17:13
  • 1
    @rFactor HTML5 can apparently read from the local file system, though the user must pick the file from an "Open" dialog. To write, you must complete a "Save As..." operation. If NaCl doesn't have the ability to do these things on its own, it can be tied to HTML5 to let it do that. The examples show them passing data back and forth: https://developers.google.com/native-client/sdk/examples – HostileFork says dont trust SE Dec 10 '11 at 17:42
  • @HostileFork, "Save As" isn't the same as having file write access. "Save As" simply doesn't scale because it requires user action. Imagine you need to write 20 files to a designated folder, there's no usability sense to tell the user to right click and "Save As" 20 times. Same goes for read access. – Pacerier Aug 07 '16 at 23:21
  • I think the underlying question is... Can a desktop app like Eclipse be ported to the web via NaCl/PNaCl assuming we are willing to ignore the (hopefully negligible) speed decrease? – Pacerier Aug 07 '16 at 23:28

2 Answers

7

Due to security restrictions, NaCl doesn't allow you to just open up any folder on the disk.

It does, however, grant the ability to access a sandboxed, obfuscated filesystem.

You can check out the PONG example in the latest SDK for examples of how to use the FileSystemAPI.

In addition, this page is a good starting point for understanding how the file system works: https://developers.google.com/native-client/beta-docs/fileIO

~Main

Colt McAnlis
1

Yes, but this access is supposedly secure and only able to access a sandboxed file system. Apparently you'll be able to do mmap calls, even. What could go wrong? :-)

Beyond any data files that come with the download, additional disk quota is an "app privilege" you have to "approve" when you install something. It can range from 0 to unlimited.

  • ActiveX mention is distracting, I edited it out. Point is I think "sandboxing" raw system services often is done poorly...there are security problems even in VMs, where if you have a cloud host running multiple services by different authors they can leak and hacks from one affect the other. I question if something like this can be both complete *and* secure when running on client systems...it's one or the other, kind of. It's all about compromises to achieve "nativeness" for browsing purposes, and I see no great design here. – HostileFork says dont trust SE Apr 22 '16 at 09:16
  • 2
    Your answer and comment are gut-feel FUD, not facts. "Others got things wrong, they probably did too" isn't productive. I suggest you dig into the implementation, look at what security researchers have done with NaCl, go through the CVEs for it. NaCl is even in the Chrome bug bounty program, you'd get paid if you found flaws. @colt-mcanlis's answer is much more helpful here. – JF Bastien Apr 22 '16 at 15:47
  • @JFBastien No, wrong. It's an observation about something that is intrinsically more complex to secure and abstract. Maybe you think it's peachy that now I can't read an article on the web without JavaScript and gigabytes of downloads and spyware. And maybe you're the kind of person who had no problem when they stuck in "window.open()"--*they can't even get that right*. I don't think it's a great idea to give those same people mmap (because...how are you implementing that, how are you securing it?), and saying "they'll pay you per bug" indicates it's you with the problem in thinking--not I. – HostileFork says dont trust SE Apr 22 '16 at 20:36
  • You seem to have confused Stack Overflow—a place for helpful Q&A—with a soapbox. You're further soap-box-ranting about something you haven't looked into, based solely on gut-feel. I'm happy to answer other SO questions about *how* the NaCl sandbox or the Chrome process sandbox work, that would be super helpful and maybe you'd then have a solid soapbox to stand on rather than the current FUD. – JF Bastien Apr 23 '16 at 00:15
  • @JFBastien, I see you're a Chrome engineer. Do you happen to know what are some of the possible solutions for a NaCl/PNaCl application to get access to the unsandboxed filesystem? – Pacerier Aug 07 '16 at 23:45