On Thursday, March 5, 2015, Jude Nelson <jud...@gmail.com> wrote: > > Besides issues related to Chromium's poor support for privacy features, > > it also has no real security support. > > No comment on the privacy features, but I beg to differ on the security. > The fact that the Linux build of Chromium runs each tab and plugin in its > own seccomp'ed process and runs them all separately from a "kernel" process > puts the browser worlds ahead of Firefox in terms of security. Excluding > project Electrolysis (which I look forward to), the fact that Firefox runs > every tab in the same process means that one bad tab can compromise the > whole browser without too much effort. >
Tried e10 in nightly-builds, a lot of tab-crashing. I however use firejail to sandbox/seccomp firefox - works great. When namespaces gets properly included I hope it would be hard to gain root. I don't trust anything google I like icecat > By contrast, Chromium's kernel/process-per-tab factoring has led to secure > browser designs [1] where this class of exploit and others are provably > impossible. > > -Jude > > [1] http://goto.ucsd.edu/quark/ > > > On Wed, Mar 4, 2015 at 8:33 PM, Adam Borowski <kilob...@angband.pl > <javascript:_e(%7B%7D,'cvml','kilob...@angband.pl');>> wrote: > >> On Wed, Mar 04, 2015 at 05:14:26PM -0600, T.J. Duchene wrote: >> > >>>Is Devuan going to use the exact same guideline? If not,is there any >> > >>>plan for Devuan to use Mozilla products as is in the future, >> > >>>especially Firefox and Thunderbird? >> > >> > If I might offer an alternative suggestion? I'd rather see Devuan >> > default to Chromium with NAPI support than use Firefox, period. >> >> Besides issues related to Chromium's poor support for privacy features, >> it also has no real security support. There's nothing but "install the >> newest and greatest, right now". Unlike Firefox' long-term-support >> releases, any version of Chromium becomes unsupported the moment a new one >> appears. Even worse, there's no heed that such new version builds on >> toolchains which are not likewise "newest and greatest" (such as gcc-4.7). >> >> Please read: >> https://lists.debian.org/debian-security-announce/2015/msg00031.html >> -- there is no security support for Chromium on any Debian release: >> support >> on wheezy had to be dropped, while there's no jessie yet, and wheezy has >> still 1.5 years of primary security support, not to even mention LTS. >> >> -- >> // If you believe in so-called "intellectual property", please immediately >> // cease using counterfeit alphabets. Instead, contact the nearest temple >> // of Amon, whose priests will provide you with scribal services for all >> // your writing needs, for Reasonable and Non-Discriminatory prices. >> _______________________________________________ >> Dng mailing list >> Dng@lists.dyne.org <javascript:_e(%7B%7D,'cvml','Dng@lists.dyne.org');> >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >> > >
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng