This repository was archived by the owner on Dec 17, 2024. It is now read-only.

Integrate Firefox Compatibility to the Package #4

@monsieuremre


Hello. I see that there are some misconceptions on the Kicksecure wiki. First, a few corrections are to be made. Firefox can work with hardened-malloc. I already knew this was possible with a compilation flag. But recently, I found out it is also possible on a normal Firefox build. You see, Firefox uses its own memory allocator, mozjemalloc, which is practically a fork of jemalloc, and jemalloc is practically garbage in terms of security. Anyway, that's why the crashes happen when we preload it, because two memory allocators compete. Now, it is possible to disable the built-in allocator without recompiling, apparently.

Steps to follow:

  • Run LD_PRELOAD='libhardened_malloc.so' firefox --disable-jemalloc
  • That's it

I've done basic tests. Went to some websites and did some stuff, seems to work just A-OK. Please correct me if something still breaks for you.

So, why don't we just integrate this compatibility patch directly in our hardened-malloc packaging? I don't know, the most no-brainer way to do this would be:

  • cd /usr/lib/firefox

  • sudo nano firefox-launcher.sh

  • Paste this

    #!/bin/bash
    exec /usr/lib/firefox/firefox --disable-jemalloc "$@"

  • Save it

  • Make it executable

  • Create a symlink: sudo ln -s /usr/lib/firefox/firefox-launcher.sh /usr/local/bin/firefox

Voila, no more jemalloc ever.

This is just the simplest idea that comes to mind. Also, LD_PRELOAD is kind of a no-no in terms of security, especially if we aim to enable hardened-malloc for everything, which we do. We know there is one service that needs an exception, the crypt setup thing, which we can just do with a drop-in file. And for Firefox, we can just do this, which is not an exemption, but like a patch.

Also, Flatpaks are not necessarily exempt from hardened-malloc. We can just create a global bubblewrap override that has the environment variable.

But preferably, we need to stop using the preload method to enable hardened-malloc. The real super duper solution in the very origin is to integrate hardened-malloc into glibc (GNU C Library). Which is really, really trivial to do, if we just compile it ourselves. But is it possible without recompilation? Don't know.

Also, another side note as to why LD_PRELOADing is a bad way to use hardened-malloc: environment scrubbing in AppArmor can mess with it.
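
One way to check whether the allocator actually ended up in a running process, which is what the environment-scrubbing caveat above puts in doubt. This is an added example, not part of the original issue or the project's code; the function names `alloc_status` and `firefox_status` are hypothetical, and it assumes a Linux /proc and `pgrep`.

```shell
#!/bin/sh
# Added example: classify how hardened_malloc reached (or failed to reach) a process.
# LIB is the library name used in the issue's LD_PRELOAD command.
LIB='libhardened_malloc.so'

# alloc_status MAPS_FILE ENVIRON_FILE   (hypothetical helper)
#   MAPS_FILE:    /proc/<pid>/maps or a saved copy of it
#   ENVIRON_FILE: /proc/<pid>/environ or a saved copy (NUL-separated)
# Prints one of: preloaded | mapped-no-preload | preload-not-mapped | absent
alloc_status() {
    maps=$1
    environ=$2
    mapped=no
    preload=no
    # The mapping list is authoritative: the library is in the address space or not.
    # Field 6 of a maps line is the pathname; compare its basename with LIB.
    if awk -v lib="$LIB" '{ n = split($6, p, "/"); if (p[n] == lib) found = 1 }
                          END { exit !found }' "$maps"; then
        mapped=yes
    fi
    # environ holds the environment the process was started with.
    if tr '\000' '\n' < "$environ" | grep '^LD_PRELOAD=' | grep -qF "$LIB"; then
        preload=yes
    fi
    case "$mapped/$preload" in
        yes/yes) echo preloaded ;;
        yes/no)  echo mapped-no-preload ;;   # loaded some other way than this variable
        no/yes)  echo preload-not-mapped ;;  # variable present, library never loaded
        no/no)   echo absent ;;              # variable missing and library not loaded
    esac
}

# firefox_status: report the state of every running firefox process (hypothetical helper).
firefox_status() {
    for pid in $(pgrep -x firefox); do
        printf '%s %s\n' "$pid" "$(alloc_status "/proc/$pid/maps" "/proc/$pid/environ")"
    done
}
```

Run `firefox_status` after starting the browser through the launcher; any result other than `preloaded` or `mapped-no-preload` means the process is not running on hardened-malloc.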
