From: Ian Eure <ian@retrospec.tv>
To: "Clément Lassieur" <clement@lassieur.org>
Cc: 67512@debbugs.gnu.org, Mark H Weaver <mhw@netris.org>,
Liliana Marie Prikler <liliana.prikler@gmail.com>
Subject: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
Date: Sat, 17 Feb 2024 08:09:22 -0800 [thread overview]
Message-ID: <871q9bdpn3.fsf@retrospec.tv> (raw)
In-Reply-To: <877cj4fpo6.fsf@lassieur.org>
Clément Lassieur <clement@lassieur.org> writes:
> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages
>> librewolf). This is the
>> only place they’re used, but it sounds like there’s desire to
>> port some of the
>> other firefoxen to this stuff, so probably not a good long-term
>> option.
>
> Does Librewolf depend on the Wasm packages more than the other
> Firefox
> based browsers?
Upstream Librewolf doesn’t depend on the WASM packages more than
any other Firefoxen. I believe that WASM sandboxing is an
optional feature for recent Firefox and FF-derived browsers.
In case anyone reading this isn’t familiar: Firefox has taken some
libraries that handle untrusted data (which are implemented in
C/C++) and complied those WASM, which it runs in isolated
sandboxes. The idea being that if there’s a vulnerability in one
of those libraries, the impact will be diminished becasue the
exploit runs in an environment with very limited privileges[1].
> My point is that if your Librewolf package is independent from
> the Wasm packages, they can be split and reviewed independently.
The Librewolf package I’m submitting depends on these WASM
packages; other Firefox-derived browsers currently in Guix don’t
(because they can’t, because the toolchain isn’t in Guix).
> That would make the Librewolf review shorter and easier, and the
> Wasm
> review more consistent and easy to test. Also, adding Wasm to
> our
> Firefox based browsers would be a one-shot. (Of course it
> doesn't have
> to be included in Icecat, but I think it would be great to have
> it in
> ‘make-torbrowser’.)
>
I’m not sure what you mean by "adding Wasm to our Firefox based
browsers would be a one-shot." Are you saying you want a process
like:
1a. Get wasm toolchain stuff merged.
1b. Get Librewolf merged without WASM sandboxing.
2. Update icecat, torbrowser, mullvad, and librewolf to use WASM
sandboxing.
Thanks,
— Ian
[1]: See
https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/
and
https://blog.mozilla.org/attack-and-defense/2021/12/06/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/
for more on this.
next prev parent reply other threads:[~2024-02-17 16:25 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-28 20:09 [bug#67512] [PATCH 0/5] Add LibreWolf Ian Eure
2023-11-28 20:13 ` [bug#67512] [PATCH 1/5] gnu: icu4c: Update to 73.1 Ian Eure
2023-11-28 20:13 ` [bug#67512] [PATCH 2/5] gnu: Add icu4c-71 Ian Eure
2023-11-28 20:13 ` [bug#67512] [PATCH 3/5] gnu: node: Switch to icu4c-71 Ian Eure
2023-11-28 20:13 ` [bug#67512] [PATCH 4/5] gnu: Add wasm packages Ian Eure
2023-11-28 20:13 ` [bug#67512] [PATCH 5/5] gnu: Add librewolf Ian Eure
2023-12-10 21:57 ` [bug#67512] [PATCH 0/5] Add LibreWolf Ludovic Courtès
2023-12-10 22:28 ` Ian Eure
2023-12-14 18:39 ` Ludovic Courtès
2024-01-13 17:53 ` [bug#67512] [PATCH 5/5] gnu: Add librewolf Herman Rimm via Guix-patches via
2024-01-28 21:23 ` Ian Eure
2024-01-28 22:51 ` Ian Eure
2024-02-02 18:44 ` Herman Rimm via Guix-patches via
2024-02-06 23:29 ` Ian Eure
2024-02-07 10:06 ` Clément Lassieur
2024-01-17 15:43 ` [bug#67512] [PATCH 0/5] Add LibreWolf Clément Lassieur
2024-02-17 16:06 ` Ian Eure
2024-02-11 19:20 ` [bug#67512] [PATCH v2 0/4] Add Librewolf Ian Eure
2024-02-11 20:22 ` Clément Lassieur
2024-02-11 23:23 ` Ian Eure
2024-02-11 23:32 ` Clément Lassieur
2024-02-11 19:20 ` [bug#67512] [PATCH v2 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c Ian Eure
2024-02-11 21:40 ` Mark H Weaver
2024-02-11 22:14 ` Clément Lassieur
2024-02-11 23:23 ` Ian Eure
2024-02-11 23:34 ` Clément Lassieur
2024-02-11 19:20 ` [bug#67512] [PATCH v2 2/4] gnu: nss: Update to 3.97 Ian Eure
2024-02-11 19:20 ` [bug#67512] [PATCH v2 3/4] gnu: Add wasm packages Ian Eure
2024-02-11 19:20 ` [bug#67512] [PATCH v2 4/4] gnu: Add librewolf Ian Eure
2024-02-11 23:49 ` [bug#67512] [PATCH v3 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c Ian Eure
2024-02-11 23:49 ` [bug#67512] [PATCH v3 2/4] gnu: nss: Update to 3.97 Ian Eure
2024-02-11 23:49 ` [bug#67512] [PATCH v3 3/4] gnu: Add wasm packages Ian Eure
2024-02-11 23:49 ` [bug#67512] [PATCH v3 4/4] gnu: Add librewolf Ian Eure
2024-02-13 20:34 ` [bug#67512] [PATCH v4 0/4] Add LibreWolf Ian Eure
2024-02-13 20:34 ` [bug#67512] [PATCH v4 1/4] gnu: Move icu4c-73 from gnuzilla to icu4c Ian Eure
2024-02-14 18:05 ` Mark H Weaver
2024-02-16 14:02 ` Clément Lassieur
2024-02-17 16:07 ` Ian Eure
2024-02-21 11:49 ` Clément Lassieur
2024-02-22 1:07 ` Ian Eure
2024-02-22 10:21 ` Clément Lassieur
2024-02-22 14:34 ` Mark H Weaver
2024-02-23 0:56 ` Ian Eure
2024-02-13 20:34 ` [bug#67512] [PATCH v4 2/4] gnu: nss: Update to 3.97 Ian Eure
2024-02-13 20:34 ` [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages Ian Eure
2024-02-13 22:41 ` Liliana Marie Prikler
2024-02-13 23:22 ` Ian Eure
2024-02-16 14:29 ` Clément Lassieur
2024-02-16 21:48 ` Mark H Weaver
2024-02-17 16:09 ` Ian Eure [this message]
2024-02-21 2:00 ` Clément Lassieur
2024-02-21 2:18 ` Ian Eure
2024-02-21 5:20 ` Liliana Marie Prikler
2024-02-21 11:45 ` Clément Lassieur
2024-02-22 0:07 ` Ian Eure
2024-02-22 10:19 ` Clément Lassieur
2024-03-09 21:20 ` Ian Eure
2024-02-21 14:32 ` Mark H Weaver
2024-02-13 20:34 ` [bug#67512] [PATCH v4 4/4] gnu: Add librewolf Ian Eure
2024-02-25 0:53 ` [bug#67512] [PATCH v5 0/2] Add LibreWolf Ian Eure
2024-02-25 0:53 ` [bug#67512] [PATCH v5 1/2] gnu: nss: Update to 3.97 Ian Eure
2024-02-25 0:53 ` [bug#67512] [PATCH v5 2/2] gnu: Add librewolf Ian Eure
2024-03-13 9:07 ` [bug#67512] Feedback for Librewolf package Romain Garbage
2024-03-15 14:05 ` Ian Eure
2024-03-29 22:34 ` [bug#67512] [PATCH v6 0/2] Add LibreWolf Ian Eure
2024-03-29 22:34 ` [bug#67512] [PATCH v6 1/2] gnu: nss: Update to 3.98 Ian Eure
2024-03-29 22:34 ` [bug#67512] [PATCH v6 2/2] gnu: Add librewolf Ian Eure
2024-04-06 15:04 ` [bug#67512] [PATCH v7 0/3] Add LibreWolf Ian Eure
2024-04-06 15:04 ` [bug#67512] [PATCH v7 1/3] gnu: Add nss-3.98 Ian Eure
2024-04-06 15:04 ` [bug#67512] [PATCH v7 2/3] gnu: Add nss-certs-3.98 Ian Eure
2024-04-06 15:04 ` [bug#67512] [PATCH v7 3/3] gnu: Add librewolf Ian Eure
2024-04-12 13:11 ` bug#67512: [PATCH v7 0/3] Add LibreWolf Andrew Tropin via Guix-patches via
2024-04-27 10:46 ` [bug#67512] " Clément Lassieur
2024-04-27 17:19 ` bug#67512: " Ian Eure
2024-04-27 18:21 ` [bug#67512] " Ian Eure
2024-04-28 8:59 ` Clément Lassieur
2024-04-12 11:32 ` [bug#67512] [PATCH 0/5] " Sharlatan Hellseher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871q9bdpn3.fsf@retrospec.tv \
--to=ian@retrospec.tv \
--cc=67512@debbugs.gnu.org \
--cc=clement@lassieur.org \
--cc=liliana.prikler@gmail.com \
--cc=mhw@netris.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.