On Mon, 18 Dec 2017, Chris Adams wrote:

> the requires downloads to be useful. I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).
>
> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution.

'Electrolysis' was a Mozilla.org codeword for a sub-project enabling in an A:B sample, 'telemetry' -- that is keystroke logging, click monitoring, timing, and more, largely without prominent external notice.

I had a performance issue related to inter-tab communication in a restrictive environment I run Firefox in, along with SELinux denials, and spent some time 'running down' several problems, in the early summer

see:
https://support.ant.com/hc/en-us/articles/115000513446-Firefox-51-Multi-Process

see my bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1473754

upstream as well
https://bugzilla.mozilla.org/show_bug.cgi?id=1383141

closed into:
https://bugzilla.mozilla.org/show_bug.cgi?id=1376559
https://bugzilla.mozilla.org/show_bug.cgi?id=1129492

because SysV shared memory follows Unix's “same uid policy” and can't be restricted/brokered like file access. (It was observed when the initial attempt at a desktop content system call whitelist was made, but that was long enough ago that there could have been significant changes to how graphics work that might make this not a problem, so this should be double-checked.) There's a not-well-specified revision to use memory-mapped files (http://patchwork.freedesktop.org/patch/15082/) but I don't know what would need to happen to make it work — Ubuntu 14.04 has a new enough X server and should (I think?) have new enough libraries, but X clients still empirically use SysV (including the Firefox parent process).

see also this:
https://mjg59.dreamwidth.org/42320.html

which implies a shm IPC privacy approach exists, but is not implemented. It ignores adding SELinux contexts, and so the unhopeful conclusion he draws may have been overtaken by events

https://bugzilla.redhat.com/show_bug.cgi?id=1188290#c1

There was a related SELinux / no '--no-xshm IPC' filing upstream as well, which I cannot lay hands upon atm.

It looks like others have noticed the 100 pct usage, and IPC problems as well
https://bugzilla.redhat.com/show_bug.cgi?id=1471149

One had to notice such exfiltration of data, and go looking for how to turn it off. I did by watching squid logs of queries, seeing expected domains, and then going looking.

Adding a prefs.js with

    // browser.tabs.remote.autostart = false
    browser.tabs.remote.autostart.2 = false
    //
    // ... above silently set itself true again 2017 08 29
    // 52.2.0 (64-bit) ESR
    // Centos 7, 2017 09 update is: 52.3.0 (64-bit)

was supposed to work, but it turned out that some process inside FF was able to over-ride and un-restrict such even when explicitly turned on. I had to change ownership of the configuration file to root.root from userid.blah to stop that nonsense

I start ff inside a 'ssh to a unpriv'd uid' localhost X forwarding tunnel -- it breaks sound and video, but ... * shrug * I'd rather not have data I care about being exfiltrated

I believe Jan Horak inside RH does something similar
https://bugzilla.mozilla.org/show_bug.cgi?id=1129492

'it looks like the Firefox over ssh is not used by masses'

-- Russ herrold

===============================

PEFF -- Privacy Enhanced Firefox invocation ...

privacy enhanced, isolated userid firefox invocation
startup PATH: PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/herrold/bin
reduced path PATH: PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/herrold/bin
current id: uid=500(herrold) gid=500(herrold) groups=500(herrold),10(wheel),135(mock),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
PEFF: ghola
note: ghola is a non-priv'd user on localhost, [H/T: Frank Herbert]
      which we access via a keyed SSH connection to try to avoid
      some content exfiltration by hostile web browser
      applications: Firefox, Flash, etc
THISHOST: centos-7.first.owlriver.net
start: Mon Dec 18 09:45:31 EST 2017
Command: ssh -X -4 -l ghola centos-7.first.owlriver.net export ` dbus-launch ` ; firefox --no-remote --
now down in the limited, privacy enhanced firefox userid
reduced path PATH: PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/ghola/bin
current id: uid=606(ghola) gid=606(ghola) groups=606(ghola),498(pulse-access) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Command: umask 022 ; /usr/bin/firefox --no-remote --

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
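
The message above locks a preferences file by changing its owner to root. As an added example (not part of the original post, and not Firefox or Fedora code), this check reports whether a given unprivileged uid could still change such a file, including by replacing it through a writable parent directory. It assumes plain POSIX mode bits only (no ACLs, no SELinux policy); the function names are hypothetical.

```python
import os
import stat


def can_write(st, uid, gids):
    """True if a process with this uid/gids may write to the inode described by st."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_locked_file(path, uid, gids=()):
    """Return the reasons why uid could still change the settings stored at path."""
    findings = []
    fst = os.stat(path)
    if can_write(fst, uid, gids):
        findings.append("file is writable by the browser uid")
    # Unlink and rename are governed by the directory, not by the file's owner:
    # a root-owned file in a directory the uid can write can simply be replaced.
    dst = os.stat(os.path.dirname(os.path.abspath(path)))
    if can_write(dst, uid, gids):
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        # In a sticky directory only the owner of the entry or of the
        # directory may rename or remove it.
        if not sticky or uid in (fst.st_uid, dst.st_uid):
            findings.append("parent directory lets the browser uid replace the file")
    return findings


if __name__ == "__main__":
    import sys
    # Usage (path is a placeholder; uid/gids as shown for 'ghola' above):
    #   python3 audit_lock.py /path/to/prefs.js 606 606 498
    target, who, *groups = sys.argv[1:]
    for reason in audit_locked_file(target, int(who), [int(g) for g in groups]):
        print("WARN:", reason)
```

An empty result only covers the file and its immediate parent directory; ancestor directories the uid can write need the same check.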