Description of problem:
When using hardened_malloc using LD_PRELOAD, Firefox does not launch. The problem is that Firefox uses its allocator jemalloc by default, which somehow doesn't seem to be compatible.

Version-Release number of selected component (if applicable):
latest

How reproducible:
always, gives Memory errors

Steps to Reproduce:
1. use a Distro like Secureblue (github.com/secureblue/secureblue) or manually install hardened_malloc from COPR (secureblue/hardened_malloc)
2. preload the hardened_malloc (default for Secureblue also on Flatpaks)
3. launch Firefox

Actual results:
Firefox doesn't launch

Expected results:
Firefox should also use hardened_malloc and work

Additional info:
hardened_malloc is a general purpose memory allocator made by GrapheneOS developers. It works really well with Desktop Linux (I am using it right now) and it is available on many Distros, not yet on Fedora but see the COPR.

hardened_malloc protects against various exploits and is a big security improvement. On Android GrapheneOS uses it also with success.

Chromium works well with it, and I built Firefox manually with these arguments:

```
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-firefox
ac_add_options --enable-optimize --disable-jemalloc --disable-debug --enable-project=browser
```

The result was Firefox Nightly, confirmed that all processes use hardened malloc (GitHub comment: https://github.com/secureblue/secureblue/issues/171#issuecomment-1913320907)

Also this Firefox ran without any problems, I ran the web Basemark tests multiple times without any problems, and also the Thorium WebGL tests, as well as regular browsing.

---

Now this build flag may break Firefox on regular Fedora. An alternative supposedly is to use `--enable-replace-malloc` which makes Firefox respect the LD_PRELOAD. (https://glandium.org/blog/?p=2848) I have not tested this but it should cause no differences at all.

The result would be the same on Fedora, with the difference that using hardened_malloc would just work, if an LD_PRELOAD is applied like on Secureblue. (Worth noting that Fedora Firefox can currently not be installed on Secureblue, as ublue upstream includes it and it was removed using an override remove, which cannot be reversed due to an rpm-ostree issue)

I would really like to use regular Fedora Firefox, and it seems Mozilla doesn't want to apply this parameter. It should not open up any weaknesses that make sense, because if an attacker could preload a malloc with added exploits they could also just read the Firefox passwords or a lot more (as by default no master password is used).
*** This bug has been marked as a duplicate of bug 2260766 ***
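
One way to check whether the preloaded library is mapped into every process of a browser build, as an added example that is not part of the original report or of the secureblue project. It assumes the shared object is named `libhardened_malloc*.so`; `check_pids`, `maps_has_hardened_malloc` and the `PROC_ROOT` override are hypothetical names introduced here. A mapping only shows the library was loaded, not that the program's allocations go through it.

```shell
#!/bin/sh
# Added example: report, per PID, whether hardened_malloc is mapped.
# Assumption: the library file name matches libhardened_malloc*.so.
# PROC_ROOT can be overridden to run the logic against a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Return 0 if the given /proc/<pid>/maps file lists a hardened_malloc mapping.
maps_has_hardened_malloc() {
    # The last field of a maps line is the backing pathname.
    grep -Eq '/libhardened_malloc[^/]*\.so' "$1" 2>/dev/null
}

# Print "<pid> yes|no|unknown" for each PID given.
# Return 0 only if every PID has the library mapped; 2 if no PID was given.
check_pids() {
    missing=0
    [ "$#" -gt 0 ] || return 2
    for pid in "$@"; do
        maps="$PROC_ROOT/$pid/maps"
        if [ ! -r "$maps" ]; then
            # Process exited, or it belongs to another user.
            echo "$pid unknown"
            missing=$((missing + 1))
        elif maps_has_hardened_malloc "$maps"; then
            echo "$pid yes"
        else
            echo "$pid no"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Typical use on a live system:
#   check_pids $(pgrep -f firefox)
```

A non-zero exit status means at least one child process (content, GPU, socket and so on) was started without the preload or could not be inspected.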