Feature #5802
Harden the web browser at compile time
Start date:
Due date:
% Done:
100%
Description
{{toc}}
Rationale
Given our current release schedule, there’s one week in six when Tails users are vulnerable to a bunch of known security issues in Iceweasel.
Roadmap
- Find out what additional hardening compilation option can possibly be added to Iceweasel by the Debian maintainer. The Debian security team might be happy to help. Here’s what the maintainer’s already stated opinions on the topic (Debian bug #609975 and Debian bug #653191: I’m really not a big fan of -Wl,-z,relro and -Wl,-z,now. For instance, I’m not sure -z relro buys anything worth, while it may have a significant startup performance impact on big applications. (and if I’m not mistaken, -z relro actually makes things not work with selinux, seeing how selinux already breaks the mprotect that removes the write bit on code sections after text relocations). Moritz has doubts about the relro part, and Support for selinux in Debian is marginal at best, anyway. Last discussion about this was started on Debian bug #759165.
- Design a great plan.
- Implement a great plan.
- See what the maintainer is happy to take.
- If still needed, add more hardening compilation options to our own Iceweasel builds.
How others do
Hardening compilation options currently enabled in:
- upstream Firefox: none (31.0b7 and 24.6.0esr, for Linux 64-bit and 32-bit)
- TBB 4.0 nightly (20141007): everything enabled
- TBB 3.6.6, TBB 4.0-alpha-2:
- enabled: PIE, stack protected, fortify source, bindnow
- disabled: relro (https://trac.torproject.org/projects/tor/ticket/12103)
- Debian’s Iceweasel 17.0.3 ESR:
- enabled: stack protected, Fortify Source functions
- disabled: PIE, Read-only relocations, Immediate binding
- Ubuntu’s Firefox (using hardening-wrapper: PIE, stack protected, Fortify Source functions, Read-only relocations, Immediate binding
Related to…
- Once we have AppArmor support in Tails (
Feature #5370), we’ll probably want to use it as an additional way to contain the least powerful exploits a bit more. - Incremental upgrades may help putting out a minor Tails release a bit faster after a Firefox ESR release.
Subtasks
Related issues
Related to Tails - |
Resolved | 2014-09-24 | |
Related to Tails - |
Rejected | 2014-05-02 |
History
#1 Updated by intrigeri 2013-10-04 06:23:33
- Subject changed from harden Iceweasel at compile time to Harden Iceweasel at compile time
- Starter set to No
#2 Updated by BitingBird 2014-05-12 11:47:24
- Category set to 176
#3 Updated by intrigeri 2014-07-07 10:33:28
- Description updated
#4 Updated by intrigeri 2014-07-07 10:39:36
- Description updated
#5 Updated by intrigeri 2014-07-12 12:47:30
- Description updated
#6 Updated by intrigeri 2014-07-14 07:42:37
- Description updated
#7 Updated by intrigeri 2014-08-25 17:31:13
- Description updated
#8 Updated by intrigeri 2014-09-27 09:51:59
- related to
Feature #7953: Migrate to (something closer to) the Tor Browser added
#9 Updated by intrigeri 2014-09-27 09:56:39
- Description updated
Once we complete the migration to the TBB, we’ll get some more hardening (PIE, relro).
#10 Updated by intrigeri 2014-10-07 07:17:10
- Subject changed from Harden Iceweasel at compile time to Harden the web browser at compile time
#11 Updated by intrigeri 2014-10-07 07:18:08
- Description updated
#12 Updated by intrigeri 2014-10-08 03:27:44
- Description updated
#13 Updated by intrigeri 2014-10-08 08:12:03
- related to
Feature #7155: Build the browser with Address Sanitizer or SoftBound added
#14 Updated by intrigeri 2014-10-08 08:12:53
- Status changed from Confirmed to Fix committed
- Target version changed from Hardening_M1 to Tails_1.2
- % Done changed from 0 to 100
The migration to TBB gives us all that for free. Next step is Feature #7155.
#15 Updated by anonym 2014-10-16 08:10:22
- Status changed from Fix committed to Resolved