Re: FF vs. Chrome/Chromium
On 2017-09-28, Boudewijn Dijkstra wrote:
> On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt wrote:
>>> Firefox has W^X compliance and so runs with the secure defaults.
>>
>> it uses page aliasing, which is a shitty way of being compliant
>
> Do you mean dual-mapping a.k.a. double-mapping? I found some old patches
> using a temporary file and mmap w/ fd to achieve this, but they never
> went in.
>
> This blog:
> https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
> suggests that it is simply switching between RW and RX using mprotect.
>
> Can you please elaborate?

That was my understanding too, and that's what ktrace shows.

...
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5)
13015 firefox RET mprotect 0
...
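The pattern in the trace above can be checked mechanically. The following is an added example, not part of the original message: it parses kdump lines in the format quoted, decodes the third mprotect argument, counts RW/RX flips per region, and reports any single call that asks for write and execute together. The `jitdemo` line in the sample is constructed, and the parser assumes the plain hexadecimal argument format shown in the trace.

```python
import re
from collections import defaultdict

# Protection bits as defined in OpenBSD <sys/mman.h>.
PROT_READ, PROT_WRITE, PROT_EXEC = 0x1, 0x2, 0x4
WX = PROT_WRITE | PROT_EXEC

# Matches the kdump line format quoted in the message above.
CALL_RE = re.compile(
    r"^\s*(\d+)\s+\S+\s+CALL\s+mprotect\((0x[0-9a-f]+),(0x[0-9a-f]+),(0x[0-9a-f]+)\)")

# First six lines are from the trace in the message; the last line is constructed.
SAMPLE = """\
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3)
13015 firefox RET mprotect 0
4242 jitdemo CALL mprotect(0x1000,0x1000,0x7)
"""

def prot_name(prot):
    """Render a protection value as e.g. 'RW-' or 'R-X'."""
    return "".join(c if prot & bit else "-" for c, bit in
                   (("R", PROT_READ), ("W", PROT_WRITE), ("X", PROT_EXEC)))

def analyse(kdump_text):
    """Return (wx_calls, flips).

    wx_calls: regions where one call asked for write and execute together.
    flips:    per-region count of writable<->executable transitions.
    """
    wx_calls, last, flips = [], {}, defaultdict(int)
    for line in kdump_text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue  # RET lines and other syscalls are ignored
        region = (int(m[1]), int(m[2], 16), int(m[3], 16))  # pid, addr, len
        prot = int(m[4], 16)
        if (prot & WX) == WX:
            wx_calls.append((region, prot_name(prot)))
        prev = last.get(region)
        # A flip swaps W for X (or back): both bits change between calls.
        if prev is not None and ((prev ^ prot) & WX) == WX:
            flips[region] += 1
        last[region] = prot
    return wx_calls, dict(flips)

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

In the quoted trace the protection alternates between 0x3 (read/write) and 0x5 (read/execute), so the region shows flips and no combined write/execute request.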
Re: FF vs. Chrome/Chromium
On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt wrote:
>> Firefox has W^X compliance and so runs with the secure defaults.
>
> it uses page aliasing, which is a shitty way of being compliant

Do you mean dual-mapping a.k.a. double-mapping? I found some old patches
using a temporary file and mmap w/ fd to achieve this, but they never
went in.

This blog:
https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
suggests that it is simply switching between RW and RX using mprotect.

Can you please elaborate?

--
Made with Opera's e-mail program: http://www.opera.com/mail/
Re: FF vs. Chrome/Chromium
> On 27 Sep 2017, at 16:44, Theo de Raadt wrote:
>
> you really shouldn't be promising that to anyone. it might not happen,
> their design might not allow it.
>
> pledge in giant programs is very rare. chrome got LUCKY, and there is
> no evidence that firefox will also.

There was also another interesting presentation by Landry Breuil about
"7 years of maintaining firefox" with "- sandboxing w/ `pledge()` ?"
https://www.openbsd.org/papers/eurobsdcon2017_seven_years_of_maintaining_firefox.md
but not sure if recordings will be available.
Re: FF vs. Chrome/Chromium
> Firefox has W^X compliance and so runs with the secure defaults.

it uses page aliasing, which is a shitty way of being compliant

> The latest Firefox (Not ESR as mtier provides) has recently had
> sandboxing for Windows and Linux added and legacy extensions will be
> phased out.
>
> It is therefore likely possible to add pledge patches without depending
> on upstream and so Firefox could become the clear winner.

you really shouldn't be promising that to anyone. it might not happen,
their design might not allow it.

pledge in giant programs is very rare. chrome got LUCKY, and there is
no evidence that firefox will also.

> Otherwise you have to decide for yourself. I'm not sure any browser's
> code quality is Good or which is better, which would be an important
> factor.
>
> Neither are particularly good at privacy but Firefox does allow
> clearing data on exit and has better extensions.
Re: FF vs. Chrome/Chromium
On Wed, 27 Sep 2017 14:49:19 +0200
> Hi there!
>
> Last night I enjoyed reading through the different presentation
> slides from EuroBSDcon 2017.
>
> Relating to Theo's presentation on 'Pledge and
> Privsep' (https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf)
> he states that firefox cannot be pledged while "chrome was strongly
> pledged in <1 week".
>
> I assume that this actually is 'chromium', right? Disregarding any
> addons, is it valid to say that for OpenBSD users chromium is "safer"
> than FF as the latter is not pledgeable?

I believe mtier provides updates for firefox ESR and not chromium.
Chromium has pledges patched in because it was structured for sandboxing.

Firefox has W^X compliance and so runs with the secure defaults.

The latest Firefox (Not ESR as mtier provides) has recently had
sandboxing for Windows and Linux added and legacy extensions will be
phased out.

It is therefore likely possible to add pledge patches without depending
on upstream and so Firefox could become the clear winner.

Otherwise you have to decide for yourself. I'm not sure any browser's
code quality is Good or which is better, which would be an important
factor.

Neither are particularly good at privacy but Firefox does allow
clearing data on exit and has better extensions.
FF vs. Chrome/Chromium
Hi there!

Last night I enjoyed reading through the different presentation
slides from EuroBSDcon 2017.

Relating to Theo's presentation on 'Pledge and Privsep'
(https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf)
he states that firefox cannot be pledged while "chrome was strongly
pledged in <1 week".

I assume that this actually is 'chromium', right? Disregarding any
addons, is it valid to say that for OpenBSD users chromium is "safer"
than FF as the latter is not pledgeable?

Just curious.

STEFAN