2009/12/18 nixlists <nixmli...@gmail.com>:
> On Fri, Dec 18, 2009 at 9:07 PM, Marco Peereboom <sl...@peereboom.us> wrote:
>> firefox + adsuck
>
> What is your opnion on Chrome, OpenBSD gurus? Okay we all know about
> it's privacy and identity leakage concerns. It's designed by Google
> with this built-in - they want to know everything about you and don't
> care about your privacy, yada yada. But what about its supposedly more
> secure multi-process design. Is it really better than Firefox and
> others in this regard?
>
>
Well, in theory, if they can stick to it, a privsep design is more
secure from the point of view of the application.
When done right.
Now, is it a small and secure program? I dunno: You decide:
# uname -a
OpenBSD cthulhu.cns.ualberta.ca 4.6 GENERIC.MP#27 amd64
# pwd
/usr/local/chrome
# ldd chrome
chrome:
Start End Type Open Ref GrpRef Name
0000000000400000 0000000002c9f000 exe 1 0 0 chrome
0000000209b99000 000000020a0cc000 rlib 0 14 0
/usr/X11R6/lib/libX11.so.12.0
0000000210dbf000 00000002111c8000 rlib 0 7 0
/usr/X11R6/lib/libXrender.so.5.0
00000002069ca000 0000000206ddb000 rlib 0 7 0
/usr/X11R6/lib/libXext.so.10.0
0000000212468000 0000000212877000 rlib 0 1 0
/usr/local/lib/libexecinfo.so.0.0
000000021037f000 0000000210bab000 rlib 0 1 0
/usr/local/lib/libgtk-x11-2.0.so.1402.0
00000002111f4000 00000002116aa000 rlib 0 2 0
/usr/local/lib/libgdk-x11-2.0.so.1402.0
0000000214671000 0000000214a8c000 rlib 0 3 0
/usr/local/lib/libgdk_pixbuf-2.0.so.1402.0
0000000204490000 000000020489d000 rlib 0 3 0
/usr/local/lib/libpangocairo-1.0.so.1801.0
000000020a660000 000000020aa62000 rlib 0 3 0
/usr/X11R6/lib/libXinerama.so.5.0
000000020ff75000 000000021037f000 rlib 0 3 0
/usr/X11R6/lib/libXi.so.10.1
00000002058fc000 0000000205d04000 rlib 0 3 0
/usr/X11R6/lib/libXrandr.so.6.1
000000020db06000 000000020df10000 rlib 0 3 0
/usr/X11R6/lib/libXcursor.so.4.0
00000002029e5000 0000000202de8000 rlib 0 3 0
/usr/X11R6/lib/libXcomposite.so.3.0
0000000202e4d000 0000000203250000 rlib 0 3 0
/usr/X11R6/lib/libXdamage.so.3.1
00000002065c0000 00000002069c5000 rlib 0 6 0
/usr/X11R6/lib/libXfixes.so.5.0
0000000211fc2000 00000002123e0000 rlib 0 2 0
/usr/local/lib/libatk-1.0.so.2800.0
000000020ce25000 000000020d2b0000 rlib 0 4 0
/usr/local/lib/libcairo.so.9.2
0000000213dfc000 0000000214236000 rlib 0 5 0
/usr/X11R6/lib/libpixman-1.so.15.8
000000020976e000 0000000209b99000 rlib 0 5 0
/usr/local/lib/libglitz.so.2.0
000000020df10000 000000020e338000 rlib 0 1 0
/usr/local/lib/libpng.so.9.0
000000020efb6000 000000020f3d2000 rlib 0 15 0
/usr/X11R6/lib/libxcb.so.2.0
0000000205d04000 0000000206105000 rlib 0 16 0
/usr/X11R6/lib/libpthread-stubs.so.0.0
000000020d532000 000000020d935000 rlib 0 16 0
/usr/X11R6/lib/libXau.so.9.0
00000002130c2000 00000002134c7000 rlib 0 16 0
/usr/X11R6/lib/libXdmcp.so.10.0
0000000207434000 00000002078e1000 rlib 0 4 0
/usr/local/lib/libgio-2.0.so.1802.0
00000002156c4000 0000000215af4000 rlib 0 4 0
/usr/local/lib/libpangoft2-1.0.so.1801.0
0000000204a99000 0000000204ee3000 rlib 0 5 0
/usr/local/lib/libpango-1.0.so.1801.0
000000020610a000 000000020654a000 rlib 0 12 0
/usr/local/lib/libgobject-2.0.so.1802.0
000000020c7da000 000000020cbdd000 rlib 0 10 0
/usr/local/lib/libgmodule-2.0.so.1802.0
000000020eb7a000 000000020efb1000 rlib 0 6 0
/usr/X11R6/lib/libfontconfig.so.6.0
0000000204ee3000 0000000205307000 rlib 0 7 0
/usr/lib/libexpat.so.9.0
0000000209038000 00000002094ba000 rlib 0 7 0
/usr/X11R6/lib/libfreetype.so.17.0
0000000214a8c000 0000000214ea0000 rlib 0 8 0
/usr/lib/libz.so.4.1
00000002079f7000 0000000207dfb000 rlib 0 3 0
/usr/local/lib/libgthread-2.0.so.1802.0
000000020fa0e000 000000020fed7000 rlib 0 15 0
/usr/local/lib/libglib-2.0.so.1802.0
0000000203e02000 000000020420d000 rlib 0 16 0
/usr/local/lib/libintl.so.4.0
000000020326b000 0000000203764000 rlib 0 17 0
/usr/local/lib/libiconv.so.6.0
000000020b96a000 000000020bea5000 rlib 0 3 0
/usr/local/lib/libnss3.so.24.0
0000000212c95000 00000002130c2000 rlib 0 1 0
/usr/local/lib/libsmime3.so.24.0
00000002116aa000 0000000211af0000 rlib 0 1 0
/usr/local/lib/libsoftokn3.so.24.0
000000020e73c000 000000020eb75000 rlib 0 1 0
/usr/local/lib/libssl3.so.24.0
00000002152c1000 00000002156c4000 rlib 0 6 0
/usr/local/lib/libplds4.so.21.0
000000020e338000 000000020e73c000 rlib 0 6 0
/usr/local/lib/libplc4.so.21.0
0000000206de0000 0000000207219000 rlib 0 8 0
/usr/local/lib/libnspr4.so.21.0
0000000214236000 0000000214671000 rlib 0 1 0
/usr/local/lib/libgconf-2.so.6.2
000000020898a000 0000000208df8000 rlib 0 2 0
/usr/local/lib/libORBit-2.so.3.0
000000020aa62000 000000020aeb0000 rlib 0 3 0
/usr/local/lib/libdbus-1.so.7.1
0000000214ea0000 00000002152c1000 rlib 0 13 0
/usr/lib/libm.so.5.2
0000000207e58000 000000020828d000 rlib 0 1 0
/usr/local/lib/libjpeg.so.63.0
000000020a0d1000 000000020a622000 rlib 0 1 0
/usr/local/lib/libxml2.so.11.0
00000002134c7000 00000002139d8000 rlib 0 1 0
/usr/local/lib/libestdc++.so.11.0
000000020b0ec000 000000020b5cd000 rlib 0 3 0
/usr/lib/libc.so.53.0
00000002139d8000 0000000213dfc000 rlib 0 1 0
/usr/lib/libpthread.so.12.0
0000000212877000 0000000212c95000 rlib 0 5 0
/usr/local/lib/libnssutil3.so.24.0
0000000215f1f000 0000000216347000 rlib 0 4 0
/usr/local/lib/libpng.so.8.1
0000000215af4000 0000000215f1f000 rlib 0 15 0
/usr/local/lib/libpcre.so.2.3
0000000216347000 00000002167b5000 rlib 0 1 0
/usr/local/lib/libsqlite3.so.13.3
00000002167b5000 0000000216bd7000 rlib 0 1 0
/usr/local/lib/libdbus-glib-1.so.4.2
000000020f600000 000000020f600000 rtld 0 1 0
/usr/libexec/ld.so
#
Well at least it'll give shared library randomization something to do:
# pwd
/tmp/chromium-4.0.251.0
# find . -type f -name \*.c -exec cat "{}" >> /tmp/chromium_c \;
# find . -type f -name \*.cc -exec cat "{}" >> /tmp/chromium_cc \;
# wc -l /tmp/chromium_c
1334153 /tmp/chromium_c
# wc -l /tmp/chromium_cc
1300305 /tmp/chromium_cc
# find /usr/src/sys -type f -name \*.c -exec cat "{}" >> /tmp/kernel_c \;
# find /usr/src/sys -type f -name \*.cc -exec cat "{}" >> /tmp/kernel_cc \;
# wc -l /tmp/kernel_c
1949871 /tmp/kernel_c
# wc -l /tmp/kernel_cc
0 /tmp/kernel_cc
# find /usr/src/usr.bin/ssh -type f -name \*.c -exec cat "{}" >>
/tmp/ssh_c \;
# find /usr/src/usr.bin/ssh -type f -name \*.cc -exec cat "{}" >> /tmp/ssh_cc \;
# wc -l /tmp/ssh_c
58501 /tmp/ssh_c
# wc -l /tmp/ssh_cc
0 /tmp/ssh_cc
# find /usr/src -type f -name \*.c -exec cat "{}" >> /tmp/openbsd_c \;
# find /usr/src -type f -name \*.cc -exec cat "{}" >> /tmp/openbsd_cc \;
# wc -l /tmp/openbsd_c
11205682 /tmp/openbsd_c
# wc -l /tmp/openbsd_cc
138555 /tmp/openbsd_cc
Still plenty of potential for issues in there, draw your own
conclusions. About the most complicated privsep program that gets it
right I know of is ssh.
process separation may make the browser itself harder to compromise,
but won't really do fuck all for you if the exploit is javascript. and
at the moment I haven't
seen anything that works as an effective selective javascript blocker
for chrome like noscript - they just expect you to let google decide
what sites are safe so far.
