Hello. I see that there are some misconceptions on the Kicksecure wiki. First, a few corrections are to be made. Firefox can work with hardened-malloc. I already knew this was possible with a compilation flag. But recently, I found out it is also possible on a normal Firefox build. You see, Firefox uses its own memory allocator, mozjemalloc, which is practically a fork of jemalloc, and jemalloc is practically garbage in terms of security. Anyway, that's why the crashes happen when we preload it, because two memory allocators compete. Now, it is possible to disable the built-in allocator without recompiling, apparently.
Steps to follow:

```sh
LD_PRELOAD='libhardened_malloc.so' firefox --disable-jemalloc
```
I've done basic tests. Went to some websites and did some stuff; seems to work just A-OK. Please correct me if something still breaks for you.
So, why don't we just integrate this compatibility patch directly in our hardened-malloc packaging? I don't know, the most no-brainer way to do this would be:
```sh
cd /usr/lib/firefox
sudo nano firefox-launcher.sh
```

Paste this

Save it

Make it executable

Create a symlink

```sh
sudo ln -s /usr/lib/firefox/firefox-launcher.sh /usr/local/bin/firefox
```

Voilà, no more jemalloc ever.
This is just the simplest idea that comes to mind. Also, LD_PRELOAD is kind of a no-no in terms of security, especially if we aim to enable hardened-malloc for everything, which we do. We know there is one service that needs an exception, the crypt setup thing, which we can just do with a drop-in file. And for Firefox, we can just do this, which is not an exemption, but like a patch.
Also, Flatpaks are not necessarily exempt from hardened-malloc. We can just create a global bubblewrap override that has the environment variable.
But preferably, we need to stop using the preload method to enable hardened-malloc. The real super duper solution at the very origin is to integrate hardened-malloc into glibc (GNU C Library), which is really, really trivial to do if we just compile it ourselves. But is it possible without recompilation? Don't know.
Also, another side note as to why LD_PRELOADing is a bad way to use hardened-malloc: environment scrubbing in AppArmor can mess with it.
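A launcher script of the kind the steps above describe, as an added example rather than the script from the issue (whose body is not included in the issue text). It assumes the library at /usr/lib/libhardened_malloc.so and the Firefox binary at /usr/lib/firefox/firefox (both placeholders to adjust), checks that the library is actually present before preloading, and adds --disable-jemalloc only when the caller did not already pass it.

```shell
#!/bin/sh
# Added example wrapper; not the launcher script from the issue, whose body is
# not shown there. HM_LIB and FIREFOX_BIN are assumed paths: adjust them for
# your system.
HM_LIB="${HM_LIB:-/usr/lib/libhardened_malloc.so}"
FIREFOX_BIN="${FIREFOX_BIN:-/usr/lib/firefox/firefox}"

# Print the LD_PRELOAD value to use: hardened_malloc first, then anything the
# caller had already preloaded. Returns 1 if the library is not readable, so
# the launcher can fall back to plain Firefox instead of failing at exec time.
hm_preload_value() {
  [ -r "$1" ] || return 1
  if [ -n "${LD_PRELOAD:-}" ]; then
    printf '%s:%s' "$1" "$LD_PRELOAD"
  else
    printf '%s' "$1"
  fi
}

# Return 0 if --disable-jemalloc is already among the arguments. Without that
# flag mozjemalloc stays active alongside hardened_malloc and Firefox crashes,
# which is the allocator conflict the issue describes.
has_disable_jemalloc() {
  for arg in "$@"; do
    [ "$arg" = "--disable-jemalloc" ] && return 0
  done
  return 1
}

# Launch only when executed as the wrapper (directly or through the
# /usr/local/bin/firefox symlink), not when the file is sourced for testing.
case "${0##*/}" in
  firefox-launcher.sh|firefox)
    if preload=$(hm_preload_value "$HM_LIB"); then
      if has_disable_jemalloc "$@"; then
        LD_PRELOAD="$preload" exec "$FIREFOX_BIN" "$@"
      else
        LD_PRELOAD="$preload" exec "$FIREFOX_BIN" --disable-jemalloc "$@"
      fi
    else
      echo "warning: $HM_LIB not found, starting Firefox without hardened_malloc" >&2
      exec "$FIREFOX_BIN" "$@"
    fi
    ;;
esac
```

Installed as /usr/lib/firefox/firefox-launcher.sh and symlinked to /usr/local/bin/firefox as in the issue, it behaves the same whichever name it is invoked by, since the case matches on both.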