:: Re: [Dng] Plan for Devuan to use Mo…
Top Page
Delete this message
Reply to this message
Author: shraptor shraptor
Date:  
To: Jude Nelson
CC: dng@lists.dyne.org
Subject: Re: [Dng] Plan for Devuan to use Mozilla products as is
On Thursday, March 5, 2015, Jude Nelson <judecn@???> wrote:

> > Besides issues related to Chromium's poor support for privacy features,
> > it also has no real security support.
>
> No comment on the privacy features, but I beg to differ on the security.
> The fact that the Linux build of Chromium runs each tab and plugin in its
> own seccomp'ed process and runs them all separately from a "kernel" process
> puts the browser worlds ahead of Firefox in terms of security. Excluding
> project Electrolysis (which I look forward to), the fact that Firefox runs
> every tab in the same process means that one bad tab can compromise the
> whole browser without too much effort.
>


Tried e10 in nightly-builds, a lot of tab-crashing.

I however use firejail to sandbox/seccomp
firefox - works great. When namespaces gets properly included I hope it
would be hard to gain root.

I don't trust anything google
I like icecat




> By contrast, Chromium's kernel/process-per-tab factoring has led to secure
> browser designs [1] where this class of exploit and others are provably
> impossible.
>
> -Jude
>
> [1] http://goto.ucsd.edu/quark/
>
>
> On Wed, Mar 4, 2015 at 8:33 PM, Adam Borowski <kilobyte@???
> <javascript:_e(%7B%7D,'cvml','kilobyte@???');>> wrote:
>
>> On Wed, Mar 04, 2015 at 05:14:26PM -0600, T.J. Duchene wrote:
>> > >>>Is Devuan going to use the exact same guideline? If not,is there any
>> > >>>plan for Devuan to use Mozilla products as is in the future,
>> > >>>especially Firefox and Thunderbird?
>> >
>> > If I might offer an alternative suggestion? I'd rather see Devuan
>> > default to Chromium with NAPI support than use Firefox, period.
>>
>> Besides issues related to Chromium's poor support for privacy features,
>> it also has no real security support. There's nothing but "install the
>> newest and greatest, right now". Unlike Firefox' long-term-support
>> releases, any version of Chromium becomes unsupported the moment a new one
>> appears. Even worse, there's no heed that such new version builds on
>> toolchains which are not likewise "newest and greatest" (such as gcc-4.7).
>>
>> Please read:
>> https://lists.debian.org/debian-security-announce/2015/msg00031.html
>> -- there is no security support for Chromium on any Debian release:
>> support
>> on wheezy had to be dropped, while there's no jessie yet, and wheezy has
>> still 1.5 years of primary security support, not to even mention LTS.
>>
>> --
>> // If you believe in so-called "intellectual property", please immediately
>> // cease using counterfeit alphabets. Instead, contact the nearest temple
>> // of Amon, whose priests will provide you with scribal services for all
>> // your writing needs, for Reasonable and Non-Discriminatory prices.
>> _______________________________________________
>> Dng mailing list
>> Dng@??? <javascript:_e(%7B%7D,'cvml','Dng@???');>
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>>
>
>