On 03/08/2016 at 21:38, David Bruant wrote:
> My understanding of pwalton's email is that the parts written in unsafe
> Rust binding to complex C++ libraries should be bundled together in
> their own process(es).
> Were the JS and layout engines written in safe Rust, I don't think
> process-as-a-sandboxing-boundary would be necessary?

Sorry for the two-messages-in-a-row, but I have a follow-up question:
In the current design of Servo with JS and graphics in C++, has the
exploitable-unsafe-memory surface shrunk that much?
Will writing these in safe Rust be necessary to get to a point where
Servo is significantly more secure than C++ browsers?
David
_______________________________________________
dev-servo mailing list
https://lists.mozilla.org/listinfo/dev-servo