guix-patches

[bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.


From: Ian Eure
Subject: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
Date: Sat, 17 Feb 2024 08:09:22 -0800
User-agent: mu4e 1.10.8; emacs 29.1


Clément Lassieur <clement@lassieur.org> writes:

> On Tue, Feb 13 2024, Ian Eure wrote:
>
>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is the only place they’re used, but it sounds like there’s desire to port some of the other firefoxen to this stuff, so probably not a good long-term option.
>
> Does Librewolf depend on the Wasm packages more than the other Firefox
> based browsers?

Upstream Librewolf doesn’t depend on the WASM packages more than any other Firefoxen. I believe that WASM sandboxing is an optional feature for recent Firefox and FF-derived browsers.


In case anyone reading this isn’t familiar: Firefox has taken some libraries that handle untrusted data (which are implemented in C/C++) and compiled those to WASM, which it runs in isolated sandboxes. The idea being that if there’s a vulnerability in one of those libraries, the impact will be diminished because the exploit runs in an environment with very limited privileges[1].


> My point is that if your Librewolf package is independent from the Wasm packages, they can be split and reviewed independently.

The Librewolf package I’m submitting depends on these WASM packages; other Firefox-derived browsers currently in Guix don’t (because they can’t, because the toolchain isn’t in Guix).


> That would make the Librewolf review shorter and easier, and the Wasm review more consistent and easy to test. Also, adding Wasm to our Firefox based browsers would be a one-shot. (Of course it doesn't have to be included in Icecat, but I think it would be great to have it in
> ‘make-torbrowser’.)


I’m not sure what you mean by "adding Wasm to our Firefox based browsers would be a one-shot." Are you saying you want a process like:

1a. Get wasm toolchain stuff merged.
1b. Get Librewolf merged without WASM sandboxing.
2. Update icecat, torbrowser, mullvad, and librewolf to use WASM sandboxing.

Thanks,

 — Ian

[1]: See https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/ and https://blog.mozilla.org/attack-and-defense/2021/12/06/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/ for more on this.




