Mail archive
alpine-devel

[alpine-devel] RFC: disable mprotect or JIT on web browsers

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Tue, 17 May 2011 11:25:39 +0200

Hi,

Modern browsers uses just-in-time (JIT) compilers to gain maximum
performance of the javascripts. This requires that the application can
allocate memory where it can both write to it and then execute it. This
is not allowed with our Grsecurity kernel for security reasons.

So currently, midori has mprotect disabled and it looks like we might
need to do the same with firefox. Alternatively we will need to patch
webkit and xulrunner to disable jit.

So this is a trade off.

I am slightly towards prioritize security. (I think fedora does so for
webkit too btw)

What do you prefer? JIT speed or MPROTECT security for our browsers?

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Tue May 17 2011 - 11:25:39 UTC