browser security in OpenBSD


browser security in OpenBSD

Mihai Popescu-3
Hello,

I see there is some work in Chromium to implement secure browsing. I
was using both Chromium and Firefox over the past years. If I got it
right, here is a summary of implementations:
Chromium: W^X, pledge, unveil
Firefox: W^X

I don't want to start a browsers' war, but what is best to run strictly
from a security point of view at this time?

Thanks.


Re: browser security in OpenBSD

Chris Bennett-4
On Sat, Jan 05, 2019 at 03:38:16PM +0200, Mihai Popescu wrote:
> Hello,
>
> I see there is some work in Chromium to implement secure browsing. I
> was using both Chromium and Firefox over the past years. If I got it
> right, here is a summary of implementations:
> Chromium: W^X, pledge, unveil
> Firefox: W^X
>

I'm going to throw in the question of how is upstream itself a question
of security.
These are very big moving targets.
Are they proceeding cautiously forward or hell burnt for leather at any
cost?
I guess a good metaphor would be OpenBSD constantly breaking httpd and
pf in order to make them more secure. And releasing broken versions.
Is upstream doing this sort of thing as they develop?

I also agree, no browser war. I have to use both. Each one fails at
something important I do.

Chris Bennett



Re: browser security in OpenBSD

Stuart Henderson
In reply to this post by Mihai Popescu-3
On 2019-01-05, Mihai Popescu <[hidden email]> wrote:
> Hello,
>
> I see there is some work in Chromium to implement secure browsing. I
> was using both Chromium and Firefox over the past years. If I got it
> right, here is a summary of implementations:
> Chromium: W^X, pledge, unveil

chromium doesn't have W^X but is more sandbox-friendly in the design upstream
which means it has more meaningful pledge restrictions (5 or so process types
with fairly small pledges, the majority of them having no network access),
unveil is also used by default in -current which restricts access to files,
for example with default settings it no longer has access to many files in
your home directory (specific access is granted to some "dotfiles" and a
smallish number of paths in .config/.cache/.local etc, and ~/Downloads,
so things like ~/.ssh are blocked off).

> Firefox: W^X

firefox has W^X but only main + content process types, both of which have
both network and disk access. (the most common setup in programs which
are a good fit with pledge is to separate these; if you look in /usr/src
you'll see that in the majority of cases a program will *either* have
disk access *or* network access after pledging, but often not both
together).

so (*just* referring to the more openbsd-ish security features), there's
more memory protection in firefox, more of other types of protection
in chrome.

> I don't want to start a browsers' war, but what is best to run strictly
> from a security point of view at this time?
>
> Thanks.
>
>
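
An added example, not part of the thread and not code from Chromium, Firefox or /usr/src: it shows the split described in the last reply, where one worker gets read-only disk access limited by unveil(2) and no network promise, and another gets the "inet" promise and no filesystem promise. The names `try_open`, `DISK_WORKER`, `NET_WORKER` and the sample paths are assumptions made for this example; off OpenBSD the shims turn pledge(2) and unveil(2) into no-ops so the file still builds, but nothing is enforced.

```c
#include <sys/wait.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Shims so the file builds elsewhere; nothing is enforced off OpenBSD. */
#define pledge(promises, execpromises) ((void)(promises), (void)(execpromises), 0)
#define unveil(path, permissions) ((void)(path), (void)(permissions), 0)
#endif

enum worker { DISK_WORKER, NET_WORKER };
/*
 * Fork a worker, restrict it, then let it try to open `path` read-only.
 * Returns 0 if the open succeeded, 1 if it failed with an errno, 2 if the
 * sandbox could not be set up, -1 if the worker was killed by a signal
 * (how a pledge violation ends).
 */
int try_open(enum worker kind, const char *visible_dir, const char *path)
{
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return 2;
	if (pid == 0) {
		if (kind == DISK_WORKER) {
			/* Files: only visible_dir is reachable. No "inet" promise. */
			if (unveil(visible_dir, "r") == -1 ||
			    unveil(NULL, NULL) == -1 ||
			    pledge("stdio rpath", NULL) == -1)
				_exit(2);
		} else {
			/* Network: sockets allowed, no filesystem promise at all. */
			if (pledge("stdio inet", NULL) == -1)
				_exit(2);
		}
		_exit(open(path, O_RDONLY) == -1 ? 1 : 0);
	}
	if (waitpid(pid, &status, 0) == -1)
		return 2;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	printf("disk worker, /etc/passwd: %d\n", try_open(DISK_WORKER, "/etc", "/etc/passwd"));
	printf("disk worker, /bin/sh:     %d\n", try_open(DISK_WORKER, "/etc", "/bin/sh"));
	printf("net worker,  /bin/sh:     %d\n", try_open(NET_WORKER, "/etc", "/bin/sh"));
	return 0;
}
```

On OpenBSD a path outside the unveiled directory fails with ENOENT (return 1), and a path lookup by the network worker violates its pledge, so the kernel kills it (return -1).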