Conversation

Replying to
You should read newer information including on the value that ASan provides for an attacker, including from people who work on it. There are substantial drawbacks to using it. It's not simply a way of getting some weak memory protections. It causes substantial harm too.
Replying to
Could you please share with us further details to support your claims? You mentioned those 'values' and 'substantial harm'. Would that affect the FF ASan build?
Replying to
You're proposing doing something that was temporarily adopted by the Tor Project for a variant of the Tor Browser and then later determined to be a mistake. It has been consistently recommended against by researchers and the developers of ASan. You can do what you want though.
Replying to
I told you that you should read newer information from security researchers, ASan developers and take a look at how the Tor Project misused it for this and then determined it was a bad idea.
Replying to and
ASan makes you lose mitigations. It's not simply adding checks. You're removing security features in order to use it. It logs errors by default and then continues on since it's a debugging tool. It can be configured to stop after reporting an error, but it's not the default.
Replying to and
Chromium has a sandbox protecting sites and browser data. Firefox doesn't: once the attacker does the initial exploit and controls the renderer, they have everything in the browser. The sandbox protects the rest of the OS. Chromium has CFI, and other hardening not in Firefox too.