It's all fine with server and command-line applications and on Android, but GTK+ and Qt applications often take a ridiculously long time to load because applications feel like reallocating 32 bytes to 32 MiB via realloc loops in increments of 32 bytes. Krita is particularly bad.
Epiphany does a lot of this but it's also packed full of memory corruption so it's hard to test performance... not that anyone should be using such an insecure browser anyway. Even Firefox's lack of meaningful sandboxing and other issues are way less bad than the WebKitGTK mess.
I don't think you need specific reports of vulnerabilities in the sandbox to know that it's nowhere close to the same thing as the Chromium sandbox though, even before they implemented site isolation. I'm not even sure I would call the trivial sandbox bypasses bugs at this point.
It's not far enough along that someone actually has to put in a substantial effort to find bugs to exploit in order to escape from it. You don't need to do something complex like exploiting a memory corruption. There's no sandbox in place at all on Android and barely on Linux.
I'm not going to reply to any kind of allegations on a character-constrained medium. 🤷‍♂️ However, our sandbox is in our bug bounty program. Everything that breaks out is a good report, memory corruption or not. Again, I invite everyone to join our bug bounty program.
Okay, and it being in the bug bounty program doesn't mean much when there are already major issues hindering the usefulness of the sandbox filed in the tracker. As I said, I'm also not planning on having Mozilla take advantage of me anymore. That's all you're putting forward.