Mail archive
alpine-devel

Re: [alpine-devel] RFC: disable mprotect or JIT on web browsers

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Thu, 19 May 2011 15:53:13 +0200

On Tue, 17 May 2011 08:30:24 -0400
Jeremy Thomerson <jeremy_at_thomersonfamily.com> wrote:

> I'd be concerned about going against that (disabling a security
> feature) just to enable web browsing on a distro that is intended as
> a hardened server distro.

No. we will never disable a security feature in kernel for everyone due
to a web browser which only used by a few (crazy ppl).

What I'm talking about is disable the feature for the firefox and
midori binaries only. So only the browser itself would run with reduced
security (but with JIT enabled). Everything else would still have the
security feature. So this only affects people who actually use alpine
linux for web browsing.

But I'm still thinking we want accept a more secure but somewhat slower
browser than a faster browser bu somewhat less secure.

Thanks for your input.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Thu May 19 2011 - 15:53:13 UTC