Re: FF vs. Chrome/Chromium

2017-09-29 Thread Stuart Henderson
On 2017-09-28, Boudewijn Dijkstra  wrote:
> On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt wrote:
>>> Firefox has W^X compliance and so runs with the secure defaults.
>>
>> it uses page aliasing, which is a shitty way of being compliant
>
> Do you mean dual-mapping a.k.a. double-mapping?  I found some old patches  
> using a temporary file and mmap w/ fd to achieve this, but they never  
> went in.
>
> This blog:
> https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
> suggests that it is simply switching between RW and RX using mprotect.
>
> Can you please elaborate?
>
>

That was my understanding too, and that's what ktrace shows.

...
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  RET   mprotect 0
...
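
In the trace above, prot 0x3 is PROT_READ|PROT_WRITE and 0x5 is PROT_READ|PROT_EXEC, requested alternately on the same page. The following Python is an added example, not part of the original post: it parses kdump-style mprotect CALL lines, counts RW/RX switches per region and flags any request that combines write and execute. The function names and the one RWX sample line are constructed for illustration.

```python
import re
from collections import defaultdict

PROT_READ, PROT_WRITE, PROT_EXEC = 0x1, 0x2, 0x4  # <sys/mman.h> values
RW, RX = PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC

# Matches kdump lines like " 13015 firefox  CALL  mprotect(addr,len,prot)".
CALL_RE = re.compile(
    r"^\s*(\d+)\s+\S+\s+CALL\s+mprotect\((0x[0-9a-f]+),(0x[0-9a-f]+),(0x[0-9a-f]+)\)"
)

# Four CALLs and one RET from the trace above, plus one CONSTRUCTED
# write+exec request (invented address) to exercise the violation path.
SAMPLE = """\
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3)
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5)
 13015 firefox  CALL  mprotect(0x2c907b6ec000,0x1000,0x7)
""".splitlines()

def prot_name(prot):
    """Render a prot bitmask as a string such as 'RW-' or 'R-X'."""
    flags = (("R", PROT_READ), ("W", PROT_WRITE), ("X", PROT_EXEC))
    return "".join(c if prot & bit else "-" for c, bit in flags)

def audit(lines):
    """Return (flips, violations) for the mprotect requests in `lines`.

    flips maps (pid, addr, length) to the number of RW<->RX switches;
    violations lists (pid, addr, prot) requests with W and X together.
    """
    last, flips, violations = {}, defaultdict(int), []
    for line in lines:
        m = CALL_RE.match(line)
        if not m:
            continue  # RET lines, other syscalls, "..." elisions
        pid = int(m.group(1))
        addr, length, prot = (int(m.group(i), 16) for i in (2, 3, 4))
        if prot & PROT_WRITE and prot & PROT_EXEC:
            violations.append((pid, addr, prot_name(prot)))
        key = (pid, addr, length)
        if {last.get(key), prot} == {RW, RX}:
            flips[key] += 1
        last[key] = prot
    return dict(flips), violations
```

Only the requested protections are audited; the RET lines are skipped, so a request the kernel refused still appears in the result.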




Re: FF vs. Chrome/Chromium

2017-09-28 Thread Boudewijn Dijkstra
On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt wrote:

>> Firefox has W^X compliance and so runs with the secure defaults.
>
> it uses page aliasing, which is a shitty way of being compliant

Do you mean dual-mapping a.k.a. double-mapping?  I found some old patches
using a temporary file and mmap w/ fd to achieve this, but they never
went in.


This blog:
https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
suggests that it is simply switching between RW and RX using mprotect.

Can you please elaborate?


--
Made with Opera's e-mail program: http://www.opera.com/mail/



Re: FF vs. Chrome/Chromium

2017-09-28 Thread Artur Pedziwilk


> On 27 Sep 2017, at 16:44, Theo de Raadt  wrote:
> 
> you really shouldn't be promising that to anyone.  it might not happen,
> their design might not allow it.
> 
> pledge in giant programs is very rare.  chrome got LUCKY, and there is
> no evidence that firefox will also.

There was also another interesting presentation by Landry Breuil
about "7 years of maintaining firefox"
with "- sandboxing w/ `pledge()` ?"

https://www.openbsd.org/papers/eurobsdcon2017_seven_years_of_maintaining_firefox.md

but not sure if recordings will be available.



Re: FF vs. Chrome/Chromium

2017-09-27 Thread Theo de Raadt
> Firefox has W^X compliance and so runs with the secure defaults.

it uses page aliasing, which is a shitty way of being compliant

> The latest Firefox (Not ESR as mtier provides) has recently had
> sandboxing for Windows and Linux added and legacy extensions will be
> phased out.
> 
> It is therefore likely possible to add pledge patches without depending
> on upstream and so Firefox could become the clear winner.

you really shouldn't be promising that to anyone.  it might not happen,
their design might not allow it.

pledge in giant programs is very rare.  chrome got LUCKY, and there is
no evidence that firefox will also.

> Otherwise you have to decide for yourself. I'm not sure any browser's
> code quality is Good or which is better, which would be an important
> factor.
> 
> Neither are particularly good at privacy but Firefox does allow
> clearing data on exit and has better extensions.
> 

1



Re: FF vs. Chrome/Chromium

2017-09-27 Thread Kevin Chadwick
On Wed, 27 Sep 2017 14:49:19 +0200


> Hi there!
> 
> Last night I enjoyed reading through the different presentation
> slides from EuroBSDcon 2017.
> 
> Relating to Theo's presentation on 'Pledge and
> Privsep' (https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf)
> he states that firefox cannot be pledged while "chrome was strongly
> pledged in <1 week".
> 
> I assume that this actually is 'chromium', right? Disregarding any
> addons, is it valid to say that for OpenBSD users chromium is "safer"
> than FF as the latter is not pledgeable?

I believe mtier provides updates for firefox ESR and not
chromium.

Chromium has pledges patched in because it was structured for
sandboxing.

Firefox has W^X compliance and so runs with the secure defaults.

The latest Firefox (Not ESR as mtier provides) has recently had
sandboxing for Windows and Linux added and legacy extensions will be
phased out.

It is therefore likely possible to add pledge patches without depending
on upstream and so Firefox could become the clear winner.

Otherwise you have to decide for yourself. I'm not sure any browser's
code quality is Good or which is better, which would be an important
factor.

Neither are particularly good at privacy but Firefox does allow
clearing data on exit and has better extensions.



FF vs. Chrome/Chromium

2017-09-27 Thread Stefan Wollny
Hi there!

Last night I enjoyed reading through the different presentation slides from 
EuroBSDcon 2017.

Relating to Theo's presentation on 'Pledge and Privsep' 
(https://www.openbsd.org/papers/eurobsdcon2017-pledge.pdf) he states that 
firefox cannot be pledged while "chrome was strongly pledged in <1 week".

I assume that this actually is 'chromium', right? Disregarding any addons, is 
it valid to say that for OpenBSD users chromium is "safer" than FF as the 
latter is not pledgeable?

Just curious.

STEFAN