What is the need for `nacl_helper_bootstrap` on Linux?

[illwieckz]

What is the need for nacl_helper_bootstrap on Linux?

On my end the game runs without it.

[illwieckz]

I noticed it because FreeBSD can run the Linux binary on Linuxulator without the bootstrap helper, it also runs with the bootstrap helper. So I wondered if that was true on Linux too, it looks like it is.

[illwieckz]

@Kangz would you know what the bootstrap helper is for?

[Kangz]

The source is here. It seems to be a custom dynamic loader that loads the NaCl ELF to set up part of the sandbox but I'm not sure how it is used, or what it does exactly.

[illwieckz]

I don't have access to this link, but I guess it's the same file as:

• https://chromium.googlesource.com/native_client/src/native_client/+/refs/heads/main/src/trusted/service_runtime/linux/nacl_bootstrap.c

[slipher]

There's a test that sheds some light on what it's supposed to do. Apparently the reserved_at_zero part is only expected to do anything on non-amd64 Linux.

One of the duties is to forbid memory mapping of some regions. Forbidding code to be mapped at certain regions is part of the secure sandboxing architecture. So you might not see something break but disabling it could let programs escape the sandbox.