#1 2019-06-15 10:55:32

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Naive question: security building chromium without some features?

I noticed that the new release of chromium pulls down pipewire and its deps which got me wondering about potential security concerns about building in some features of chromium that I don't use like desktop sharing, google hangouts services, and widevine...

1) Would rebuilding without these offer any tangible security benefit?
2) Does this PKGBUILD look sane/can any deps or build deps be removed?
3) Are there any other optional features to consider disabling?

Diff from current chromium PKGBUILD.
Full PKGBUILD draft.

Last edited by graysky (2019-06-15 13:28:19)


CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs


#2 2019-06-15 19:41:21

Nickolas0
Member
Registered: 2019-02-16
Posts: 14

Re: Naive question: security building chromium without some features?

On a side note: pipewire aims to be a more secure replacement for pulseaudio, so in the future it isn't bad to have it installed.


#3 2019-06-15 21:58:11

latalante1
Member
Registered: 2018-08-30
Posts: 24

Re: Naive question: security building chromium without some features?

I do not use Wayland. I do not use screen sharing. I do not need additional packages in my system. Absurd.

cdparanoia graphene gst-plugins-base gst-plugins-base-libs gstreamer libvisual pipewire rtkit sbc

Google Chrome does not require pipewire to exist on my system. Although I can use it (provided that the required library, libpipewire-0.2.so.1, is installed).
https://cs.chromium.org/chromium/src/th … re.cc?l=50
I can turn it off.
chrome://flags/#enable-webrtc-pipewire-capturer

Fedora does the same with its Chromium from version 73.
https://src.fedoraproject.org/rpms/chro … nch=master
Pipewire is not required when installing chromium; it is an optional dependency (and not a necessity).


#4 2019-06-15 22:04:59

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Re: Naive question: security building chromium without some features?

@latalante1 - You should open a bug report asking to have it listed as an optdep then.



#5 2019-06-16 11:45:44

latalante1
Member
Registered: 2018-08-30
Posts: 24

Re: Naive question: security building chromium without some features?

graysky wrote:

@latalante1 - You should open a bug report asking to have it listed as an optdep then.

Uninstalled. I switched to google chrome.

You can disable both pipewire and widevine.
chrome://flags/#enable-webrtc-pipewire-capturer
chrome://settings/content/protectedContent
https://bitmovin.com/demos/drm


#6 2019-06-16 14:52:01

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Re: Naive question: security building chromium without some features?

I understand there are switches to disable, but as you pointed out, pipewire requires approx 100M of deps, and I think if you compile against it (as the official PKGBUILD does), you cannot run chromium without it. My strategy is to recompile without it, and since I have to spend the time to do that, I am wondering about disabling some other stuff I don't want compiled in (widevine and hangouts services are two others I found). Feedback from users with more knowledge on my questions in the original post is still welcome :)

graysky wrote:

1) Would rebuilding without these offer any tangible security benefit?
2) Does this PKGBUILD look sane/can any deps or build deps be removed?
3) Are there any other optional features to consider disabling?

Diff from current chromium PKGBUILD.
Full PKGBUILD draft.

EDIT:
@latalante1 - I added my current build of chromium-no-extras to repo-ck should you wish to use it.

Last edited by graysky (2019-06-16 14:56:30)



#7 2019-06-16 23:36:27

latalante1
Member
Registered: 2018-08-30
Posts: 24

Re: Naive question: security building chromium without some features?

latalante1 wrote:

Fedora does the same with its Chromium from version 73.
Pipewire is not required when installing chromium; it is an optional dependency (and not a necessity).

It is not so sweet. When installing chromium, pipewire and its dependencies (just as large) are added.


#8 2019-06-17 19:06:46

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Re: Naive question: security building chromium without some features?

@latalante - Right:

graysky wrote:

...pipewire requires approx 100M of deps and I think if you compile against it (as the official PKGBUILD does), you cannot run chromium without it.



#9 2019-06-17 20:56:11

latalante1
Member
Registered: 2018-08-30
Posts: 24

Re: Naive question: security building chromium without some features?

It annoys me strongly.
Google Chrome needs only the 23 functions necessary for its operation (pipewire support).

pw_core_destroy, pw_core_get_type, pw_core_new, pw_init, pw_loop_destroy, pw_loop_new, pw_properties_new_string, pw_remote_add_listener, pw_remote_connect_fd, pw_remote_destroy, pw_remote_new, pw_stream_add_listener, pw_stream_connect, pw_stream_dequeue_buffer, pw_stream_destroy, pw_stream_finish_format, pw_stream_new, pw_stream_queue_buffer, pw_stream_set_active, pw_thread_loop_destroy, pw_thread_loop_new, pw_thread_loop_start, pw_thread_loop_stop

Linux distributions add the entire pipewire library plus extras (~100MB) to Chromium.
I prefer Google's solution.
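A check for the distinction made in this post and in graysky's earlier one (compiled against libpipewire, so the binary cannot start without it, versus an optional dlopen of libpipewire-0.2.so.1), added here as an example and not code from any poster or distribution: it reads the DT_NEEDED entries straight out of an ELF64 binary such as a built chromium, and build_sample_elf is a constructed stand-in binary so the script runs offline.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libraries(data):
    """DT_NEEDED entries (hard runtime deps) of an ELF64 LE image given as bytes."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only little-endian ELF64 images are supported")
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    loads, dynamic = [], None
    for i in range(e_phnum):
        p_type, _, p_off, p_vaddr, _, p_filesz = struct.unpack_from("<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_off, p_filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (p_off, p_filesz)
    if dynamic is None:
        return []  # no dynamic section: statically linked, nothing is NEEDED
    tags, off = [], dynamic[0]
    while off + 16 <= dynamic[0] + dynamic[1]:
        d_tag, d_val = struct.unpack_from("<qQ", data, off)
        if d_tag == DT_NULL:
            break
        tags.append((d_tag, d_val))
        off += 16
    sv = next(v for t, v in tags if t == DT_STRTAB)  # a virtual address, not a file offset
    strtab = next(o + sv - va for va, o, sz in loads if va <= sv < va + sz)
    return [data[strtab + v:data.index(b"\0", strtab + v)].decode()
            for t, v in tags if t == DT_NEEDED]

def hard_depends_on_pipewire(data):
    # DT_NEEDED: the loader refuses to start the binary without the library (unlike a dlopen that may fail)
    return any(lib.startswith("libpipewire") for lib in needed_libraries(data))

def build_sample_elf(needed):
    """Constructed, non-runnable ELF64 image whose dynamic section names `needed`."""
    strtab, offsets = b"\0", []
    for n in needed:
        offsets.append(len(strtab))
        strtab += n.encode() + b"\0"
    strtab_off = 64 + 2 * 56  # ELF header + two program headers
    dyn_off = strtab_off + len(strtab)
    dyn = b"".join(struct.pack("<qQ", DT_NEEDED, o) for o in offsets)
    dyn += struct.pack("<qQqQ", DT_STRTAB, strtab_off, DT_NULL, 0)
    total = dyn_off + len(dyn)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01" + b"\0" * 9, 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    phdrs = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, total, total, 0x1000)  # maps the whole file at vaddr 0
    phdrs += struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off, len(dyn), len(dyn), 8)
    return ehdr + phdrs + strtab + dyn
```

On a real package, pass the bytes of the installed chromium binary to hard_depends_on_pipewire; a True result means the pipewire package tree is a hard dependency, a False result means any pipewire use is optional (dlopen) or absent.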


#10 2019-06-18 10:24:14

latalante1
Member
Registered: 2018-08-30
Posts: 24

Re: Naive question: security building chromium without some features?

As an aside. I have never seen Chromium as slow as it is in Fedora. About 23% slower in the browserbench benchmark compared to Google Chrome.
Is it because they compile with gcc instead of clang? I've heard that Skia is only optimized for it. That's a big difference.

One more difference. Google Chrome running in a Fedora chroot is about 5-8% faster (browserbench and other tests) than the same one run under Arch Linux. Everything is the same: chrome, kernel, xorg, graphics drivers. Major difference. What could be the reason? The main candidate in my opinion is the latest version of glibc (compiled with gcc 9.1.0).

Edit:
Fedora's Firefox is also compiled with gcc and is well optimized (probably thanks to PGO + LTO).

Edit2:
perf top: comparison of Google Chrome (running browserbench). Note the difference in memcpy.

Arch Linux
2.78%  libc-2.29.so   [.] __memcpy_ssse3
2.57%  chrome         [.] Clamp_S32_opaque_D32_nofilter_DX_shaderproc
2.30%  chrome         [.] v8::internal::Scavenger::ScavengeObject<v8::internal::FullHeapObjectSlot>
1.81%  perf           [.] hpp__sort_overhead
1.79%  [kernel]       [k] copy_user_generic_string

Fedora
2.62%  chrome         [.] Clamp_S32_opaque_D32_nofilter_DX_shaderproc
1.91%  perf           [.] hpp__sort_overhead
1.90%  [kernel]       [k] copy_user_generic_string
1.67%  chrome         [.] Builtins_LdaNamedPropertyHandler
1.67%  libc-2.29.so   [.] __memcpy_ssse3

Last edited by latalante1 (2019-06-18 19:03:55)


#11 2019-06-21 21:50:56

zsx
Member
Registered: 2018-05-10
Posts: 15

Re: Naive question: security building chromium without some features?

graysky wrote:

I noticed that the new release of chromium pulls down pipewire and its deps which got me wondering about potential security concerns about building in some features of chromium that I don't use like desktop sharing, google hangouts services, and widevine...

I am also very concerned about this.

graysky wrote:

1) Would rebuilding without these offer any tangible security benefit?
2) Does this PKGBUILD look sane/can any deps or build deps be removed?
3) Are there any other optional features to consider disabling?

+ chromedriver can also be disabled [ https://packages.debian.org/sid/amd64/c … r/filelist ].

latalante1 wrote:

I do not need additional packages in my system. Absurd.
It annoys me strongly.

I fully agree and confirm.


#12 2019-06-21 23:06:34

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Re: Naive question: security building chromium without some features?

zsx wrote:

+ chromedriver can also be disabled [ https://packages.debian.org/sid/amd64/c … r/filelist ].

I don't see a compile time option for it, but there is a reference to calling ninja to build it:

...
  gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
  ninja -C out/Release chrome chrome_sandbox chromedriver

And some manual packaging:

...
  ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
...
  cp \
    out/Release/{chrome_{100,200}_percent,resources}.pak \
    out/Release/{*.bin,chromedriver} \
    "$pkgdir/usr/lib/chromium/"
...

Perhaps removing that token from the build and modifying the cp command is sufficient given that the debian package you referenced literally supplies the executable and some docs.



#13 2019-06-21 23:26:13

zsx
Member
Registered: 2018-05-10
Posts: 15

Re: Naive question: security building chromium without some features?

chromium-driver in Debian is an optional dependency. I never install it there. No problems noticed.
Thanks for chromium-no-extras from your repo, @graysky!


#14 2019-06-22 14:14:29

progandy
Member
Registered: 2012-05-17
Posts: 3,400

Re: Naive question: security building chromium without some features?

graysky wrote:

...pipewire requires approx 100M of deps and I think if you compile against it (as the official PKGBUILD does), you cannot run chromium without it.

Would it be a good idea to split the pipewire package and put plugins like libspa-ffmpeg (pipewire ffmpeg stream elements) and libgstpipewire (gstreamer element for pipewire) in their own packages? If that doesn't break anything that can't be fixed by declaring them as optdepends, then the dependency tree of the official packages could be cut down drastically. gstreamer has its plugins in separate packages as well.

Edit: Submitted as bug #62976

Last edited by progandy (2019-06-22 14:43:46)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |


#15 2019-06-22 14:16:40

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,774

Re: Naive question: security building chromium without some features?

@progandy - Nice suggestion. I recommend you open a bug report against the official package to request it. For me, I am happy to simply drop these things, and that is one purpose of this thread.



#16 2019-06-22 15:13:03

zsx
Member
Registered: 2018-05-10
Posts: 15

Re: Naive question: security building chromium without some features?

Guys, make Arch lightweight again! Otherwise, we will drown in the trash.


Powered by FluxBB