> On Sep 19, 2022, at 2:21 PM, jvoisin via Tails-dev <tails-dev@boum.org> wrote:
>
>>> Has anyone looked into adding -D_FORTIFY_SOURCE=3 to some
>>> It's unclear how much the performance impact is; probably the only way to
>>> know is to try it.
>
> I'd argue that it's also unclear what security benefits it would bring
> to a web-browser :P
I don't know what Firefox's numbers are, but 70% of Chrome's vulnerabilities
over the
last few years were memory safety vulnerabilities:
https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/
I would expect the Firefox numbers would be similar. In Firefox
the *Rust* parts with safety enabled would be immune, but a large amount of
Firefox isn't
written in the safe subset of Rust.
So yes, hardening against memory safety problems is a *good* thing to do for
web browsers in general. It's not clear if this *specific* change is worth
doing,
but I think it's worth considering.
--- David A. Wheeler
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
