[alpine-devel] RFC: disable mprotect or JIT on web browsers
Modern browsers use just-in-time (JIT) compilers to gain maximum
allocate memory where it can both write to it and then execute it. This
is not allowed with our Grsecurity kernel for security reasons.
So currently, midori has mprotect disabled and it looks like we might
need to do the same with firefox. Alternatively we will need to patch
webkit and xulrunner to disable JIT.
So this is a trade-off.
I am slightly towards prioritizing security. (I think Fedora does so for
webkit too btw)
What do you prefer? JIT speed or MPROTECT security for our browsers?
Received on Tue May 17 2011 - 11:25:39 UTC
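
An added example, not part of the original post: a small C probe that reports whether the running Linux kernel lets a process obtain memory it can write and then execute, which is what a JIT needs. The function and enum names are this example's own, and it reads /proc/self/maps to confirm what the kernel actually granted.

```c
/* Added example (Linux): can this process get memory it may write, then execute? */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
enum wx_policy { WX_UNRESTRICTED, WX_NO_RWX_MAPPING, WX_STRICT, WX_INCONSISTENT };

/* PROT_* bits actually granted at addr per /proc/self/maps; 0 if not found. */
static int granted_prot(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi, a = (unsigned long)addr;
    int prot = 0;
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 && a >= lo && a < hi) {
            prot = (perms[0] == 'r' ? PROT_READ : 0) | (perms[1] == 'w' ? PROT_WRITE : 0)
                 | (perms[2] == 'x' ? PROT_EXEC : 0);
            break;
        }
    if (f) fclose(f);
    return prot;
}

/* mmap one page as `first`, optionally mprotect to `then` (0 = skip); 1 if truly granted. */
static int probe(int first, int then)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int want = then ? then : first, ok = 0;
    void *p = mmap(NULL, len, first, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    if (!then || mprotect(p, len, then) == 0)
        ok = (granted_prot(p) & want) == want;
    munmap(p, len);
    return ok;
}

/* Verdict from the two probes; WX_STRICT is the restriction the post describes. */
static enum wx_policy classify(int rwx_ok, int flip_ok)
{
    if (rwx_ok) return flip_ok ? WX_UNRESTRICTED : WX_INCONSISTENT;
    return flip_ok ? WX_NO_RWX_MAPPING : WX_STRICT; /* former: JIT must switch W -> X */
}

int main(void)
{
    int rwx = probe(PROT_READ | PROT_WRITE | PROT_EXEC, 0);
    int flip = probe(PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC);
    return printf("RWX mmap=%d RW->RX=%d policy=%d\n", rwx, flip, classify(rwx, flip)) < 0;
}
```

The printed policy is the numeric `wx_policy` value: 0 means no restriction, 1 means only a simultaneous write+execute mapping is refused, 2 means both paths are refused.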