ben-grande / qusal

Salt Formulas for Qubes OS.

unconditionally enabling Hardened Malloc breaks browsers #15

Closed adrelanos closed 8 months ago

adrelanos commented 8 months ago

https://github.com/ben-grande/qusal/blob/main/salt/kicksecure-minimal/files/template/ld.so.preload

This is documented here: https://www.kicksecure.com/wiki/Hardened_Malloc#Browsers

That is (a) reason why it's not enabled by default in Kicksecure upstream.

ben-grande commented 8 months ago

This is unfortunate but I don't plan to remove it. As of now, the Kicksecure template is not being used to base qubes upon that. I haven't used it extensively to see what is broken.

If I want to base a browser qube on Kicksecure, I would have to disable hardened-malloc, which then would remove a needed protection for a qube that does only web browsing... I can, however, disable hardened malloc for browser qubes, in case the salt/browser project starts supporting it.

Do you see any problem with this approach?

adrelanos commented 8 months ago

It's an opt-in feature as per Kicksecure default. The user very much needs to know what has been opted in and how to opt out. The best way for the user to know that is to manually opt in.

Other than browsers, other applications are also still being found and documented to be broken. Latest addition from today: PHP. Reference:

https://www.kicksecure.com/wiki/Hardened_Malloc#php