RELEASE NOTES Native Client Release 0.1 Updated: 30 May 2009 This file documents issues known at the time of the release, with an emphasis on security-related issues (and possibly some neglected robustness or functionality issues). Please see http://code.google.com/p/nativeclient/wiki/ReleaseNotes for the most recent information. See README.html in this directory for an introduction to Native Client. For the full version/release number of this release, refer to nacl/googleclient/VERSION. CHANGES SINCE THE PREVIOUS RELEASE See the CURRENT VERSION CHANGES section at the bottom of this file. BROWSER SUPPORT LIMITATIONS Native Client supports Firefox 3 on Linux, Windows and MacOS, and Chrome, Safari and Opera on Windows. Support for the following browsers is not available at this time: * Internet Explorer These browsers are partially supported: * Camino on MacOS appears to work but has had minimal testing * Firefox 2 on MacOS: We STRONGLY encourage Mac users to upgrade their Firefox version to 3 for Native Client. On Firefox 2, control, command and alt keys are not enabled due to an eavesdropping vulnerability. Note the control key is used for firing weapons in Quake. * Safari on MacOS: However, mouse events don't work. OPERATING SYSTEM SUPPORT LIMITATIONS Native Client does not work on 64-bit versions of Windows. Many versions of 64-bit Windows lack the system call required to set up protected memory segments. We believe that Native Client works on 32-bit Vista and Windows XP. LIMITED VIRTUAL MACHINE SUPPORT Some virtual machines do not implement the CPUID instruction correctly. As a result, the Native Client sandbox can be defeated via an instruction decoder desynchronization attack on certain VMs. We believe VMWare works properly. The following VMs are known to have exploitable CPUID implementation defects: * Parallels * Qemu * Xen NPAPI SUPPORT IS PRELIMINARY NPAPI was designed (and prior to Native Client *was*) only for trusted code. As such, we think it is possible there are many exploitable security problems with the NPAPI API itself and with its current implementations. Our focus to date for NPAPI has been on functionality rather than security. We will probably be revising our NPAPI implementation to make it much more restrictive, and considering variation between various browser implementations of NPAPI. OUTER SANDBOX NOT INCLUDED IN THIS RELEASE Our outer sandbox implementations are not sufficiently stable yet to be worthy of sharing at this time. Stay tuned! NO "FRIENDLY" INSTALLERS Our goal in releasing Native Client at this time is to get feedback from the security and research community to help us make the system better, and not to get a large number of users. As such, we don't provide a consumer-oriented install. Our current installer is implemented as a part of our build system. BUILDING GPL EXAMPLES Neither Quake nor XaoS is provided pre-built, due to GPL license considerations. We hope to streamline these builds in a future release. DOXYGEN REQUIRED TO BUILD DOCUMENTATION If you discover the MODE=all option to our scons build, and you don't have doxygen installed, you will not be able to build. CURRENT VERSION CHANGES This release contains the following changes. General changes: - Changed the expiration date from June 1 to July 8.