NaCl enabled in the Chrome Beta

Native Client (NaCl) has been shipping with Google Chrome for a while now, but it wasn't enabled by default. It has just been enabled in the Beta channel which means it'll hit the stable channel in about 6 weeks or so.

For those that don't know, NaCl is a plugin that runs native code in the browser. For instance, C/C++ code compiled against NaCl will run sandboxed in the browser, and the Pepper library allows your program and the browser to communicate.

I have a bunch of little games I wrote in C that I'd like to port. Last I heard, NaCl had an SDL port, but most of my games are written with Allegro so I'm hoping someone ports that soon if they hadn't already.

http://chrome.blogspot.com/2011/08/building-better-web-apps-with-new.html

>>25
But syscall virtualization by itself wouldn't be as secure as Javascript, because clever hackers can always find ways to exit the sandbox.
I don't see how, except if there's a security flaw in the kernel.

NaCl's real contribution is a software verification system that scans each executable module before it runs. The verifier imposes a set of constraints on the program that prevent the code from exiting the sandbox. This security comes at a relatively small performance price, with NaCl code generally running at about 95% the speed of equivalent compiled code.
I suppose indirect jumps, indirect calls, and jumps or calls in the middle of an instruction are forbidden. Code making extensive use of callbacks is probably slowed down much more than 5% then, and can even be impossible to compile. I hope I'm wrong.