GNU bug report logs - #67512
[PATCH 0/5] Add LibreWolf


Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Tue, 28 Nov 2023 20:12:01 UTC

Severity: normal

Tags: patch

Done: Andrew Tropin <andrew <at> trop.in>

Bug is archived. No further changes may be made.


From: Ian Eure <ian <at> retrospec.tv>
To: Clément Lassieur <clement <at> lassieur.org>
Cc: 67512 <at> debbugs.gnu.org, Mark H Weaver <mhw <at> netris.org>, Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Subject: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
Date: Sat, 17 Feb 2024 08:09:22 -0800

Clément Lassieur <clement <at> lassieur.org> writes:

> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is the
>> only place they’re used, but it sounds like there’s desire to port some of the
>> other firefoxen to this stuff, so probably not a good long-term option.
>
> Does Librewolf depend on the Wasm packages more than the other Firefox
> based browsers?

Upstream Librewolf doesn’t depend on the WASM packages more than 
any other Firefoxen.  I believe that WASM sandboxing is an 
optional feature for recent Firefox and FF-derived browsers.


In case anyone reading this isn’t familiar: Firefox has taken some 
libraries that handle untrusted data (which are implemented in 
C/C++) and compiled those to WASM, which it runs in isolated 
sandboxes.  The idea being that if there’s a vulnerability in one 
of those libraries, the impact will be diminished because the 
exploit runs in an environment with very limited privileges[1].


> My point is that if your Librewolf package is independent from 
> the Wasm packages, they can be split and reviewed independently.

The Librewolf package I’m submitting depends on these WASM 
packages; other Firefox-derived browsers currently in Guix don’t 
(because they can’t, because the toolchain isn’t in Guix).


> That would make the Librewolf review shorter and easier, and the Wasm
> review more consistent and easy to test.  Also, adding Wasm to our
> Firefox based browsers would be a one-shot.  (Of course it doesn't have
> to be included in Icecat, but I think it would be great to have it in
> ‘make-torbrowser’.)
>

I’m not sure what you mean by "adding Wasm to our Firefox based 
browsers would be a one-shot."  Are you saying you want a process 
like:

1a. Get wasm toolchain stuff merged.
1b. Get Librewolf merged without WASM sandboxing.
2. Update icecat, torbrowser, mullvad, and librewolf to use WASM 
sandboxing.

Thanks,

 — Ian

[1]: See 
https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/ 
and 
https://blog.mozilla.org/attack-and-defense/2021/12/06/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/ 
for more on this.




This bug report was last modified 1 year and 83 days ago.
