← Back to context

Comment by IshKebab

10 days ago

> Some programs have a ~4x slowdown

How does it compare to something like RLBox?

> This is a myth. 99% of the C/C++ code you are using right now is not perf sensitive.

I don't think that's true, or at best its a very contorted definition of "perf sensitive". Most code is performance sensitive in my opinion - even shitty code written in Python or Ruby. I would like it to be faster. Take Asciidoctor for example. Is that "performance sensitive"? Hell yes!

6 comments

IshKebab

Reply
pizlonator  10 days ago

> How does it compare to something like RLBox?

I don’t know and it doesn’t matter because RLBox doesn’t make your C code memory safe. It only containerizes it.

Like, if you put a database in RLBox then a hacker could still use a memory safety bug to corrupt or exfiltrate sensitive data.

If you put a browser engine in RLBox then a hacker could still pwn your whole machine:

- If your engine has no other sandbox other than RLBox then they’d probably own your kernel by corrupting a buffer in memory that is being passed to a GPU driver (or something along those lines). RLBox will allow that corruption because the buffer is indeed in the program’s memory.

- If the engine has some other sandbox on top of RLbox then the bad guys will corrupt a buffer used for sending messages to brokers, so they can then pop those brokers. Just as they would without RLbox.

Fil-C prevents all of that because it uses a pointer capability model and enforces it rigorously.

So, RLbox could be infinity faster than Fil-C and I still wouldn’t care

  • IshKebab  10 days ago

    That feels like a very binary view of security. There are certainly cases where something like RLBox takes you from "horrific anything-goes C security" to "probably fine". Image parsing for example, which is a common source of vulnerabilities.

    So the question of performance is still relevant, even if RLBox's security properties are less tight.

    • pizlonator  10 days ago

      I think you're trying to compare RLBox and Fil-C because you view them both as "add more security". I get it and that's not entirely unfair, but...

      They're just way too different. RLBox is a containerization technology. Fil-C is a memory safety technology.

      Like, there's a world where you would use both of them stacked on top of one another, because Fil-C does memory safety without containerizing while RLBox does containerization without memory safety.

      3 replies →