muke n00b
Joined: 17 Feb 2019 Posts: 51
Posted: Sun May 09, 2021 9:44 am Post subject: Firefox system use flag tradeoffs
How should I decide if I want to enable or disable the system-* use flags in Firefox? I understand they substitute your system libraries for ones Firefox ships with but I don't know why you would or wouldn't want that. I've been told that enabling system libraries isn't supported by upstream and so could introduce security issues, but then also that the libraries Firefox ships with are older and are also more likely to have security issues. What's the 'best' choice here then?
I also wonder if there's a performance element - if I compile Firefox with LTO and PGO, this would give faster libraries than subbing in system libraries that have only been compiled with LTO, or maybe not even that, right?
If I'm missing other aspects of this please let me know as well.

alamahant Advocate
Joined: 23 Mar 2019 Posts: 3879
Posted: Sun May 09, 2021 11:22 am
If you take the pain to build Firefox yourself rather than using the binary it denotes you want it customized for your system. Therefore you would prefer to use your own binaries...

muke n00b
Joined: 17 Feb 2019 Posts: 51
Posted: Sun May 09, 2021 1:01 pm
This doesn't really answer my questions. I want to customize my system but I need to know the implications of each customization I make.

Ionen Developer
Joined: 06 Dec 2018 Posts: 2718
Posted: Sun May 09, 2021 1:39 pm
As far as Gentoo is concerned rather than upstream, system-* being enabled is the most tested given it's default. When in doubt, use defaults.
System libraries used by browsers also get more attention wrt security issues.

Menelkir n00b
Joined: 13 Jan 2006 Posts: 7 Location: Punta Arenas, CL
Posted: Sun May 09, 2021 2:45 pm
Keep in mind that compiling with LTO and PGO can (usually) give you fast binaries but on the other hand takes a lot more time to build. Also, as already said, using system libraries will make sure that some libraries will be better audited by Gentoo itself instead of depending on Firefox developers.

mv Watchman
Joined: 20 Apr 2005 Posts: 6747
Posted: Sun May 09, 2021 6:29 pm
Usually, security flaws in libraries are found and fixed more quickly upstream than downstream (Firefox). Therefore, using system libraries is usually the safer option.
That being said, there is no guarantee that it is a safer option, because it can happen that
- Downstream fixes are not reported quickly upstream.
- There might be a special downstream fix which cannot be reported upstream (because of other modifications of the library).
- Modification or newer versions of the library might have unexpected side effects which might allow for some sort of exploit.
All of these are unlikely but not impossible (it is in fact very likely that all of these already have happened in some cases). I would nevertheless consider it as the lower risk.
The main reason why there are such useflags is that sometimes system libraries do not work. If there are unexpected crashes, downgrading a library - or using the bundled library - might solve the problem.