~alpine/devel

3 3

[alpine-devel] RFC: disable mprotect or JIT on web browsers

Natanael Copa
Details
Message ID
<20110517112539.4f28cda2@ncopa-desktop.nor.wtbts.net>
Sender timestamp
1305624339
DKIM signature
missing
Download raw message
Hi,

Modern browsers uses just-in-time (JIT) compilers to gain maximum
performance of the javascripts. This requires that the application can
allocate memory where it can both write to it and then execute it. This
is not allowed with our Grsecurity kernel for security reasons.

So currently, midori has mprotect disabled and it looks like we might
need to do the same with firefox. Alternatively we will need to patch
webkit and xulrunner to disable jit.

So this is a trade off.

I am slightly towards prioritize security. (I think fedora does so for
webkit too btw)

What do you prefer? JIT speed or MPROTECT security for our browsers?

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Nathan Angelacos
Details
Message ID
<4DD2885A.6010302@nothome.org>
In-Reply-To
<BANLkTindUr3nfG5+f_qWuxMdCTGYOpBjpQ@mail.gmail.com> (view parent)
Sender timestamp
1305643098
DKIM signature
missing
Download raw message
On 05/17/2011 05:30 AM, Jeremy Thomerson wrote:
> I don't have a lot of say here, but you asked for comments, so here's mine:
> What's the advantage of turning Alpine into a full desktop environment
> with Firefox, etc?  The tagline for Alpine is "A *security-oriented*,
> lightweight Linux distribution ..."
> I'd be concerned about going against that (disabling a security feature)
> just to enable web browsing on a distro that is intended as a hardened
> server distro.
> Jeremy Thomerson

+1


> On Tue, May 17, 2011 at 5:25 AM, Natanael Copa <ncopa@alpinelinux.org
> <mailto:ncopa@alpinelinux.org>> wrote:
>
>     Hi,
>
>     Modern browsers uses just-in-time (JIT) compilers to gain maximum
>     performance of the javascripts. This requires that the application can
>     allocate memory where it can both write to it and then execute it. This
>     is not allowed with our Grsecurity kernel for security reasons.
>
>     So currently, midori has mprotect disabled and it looks like we might
>     need to do the same with firefox. Alternatively we will need to patch
>     webkit and xulrunner to disable jit.
>
>     So this is a trade off.
>
>     I am slightly towards prioritize security. (I think fedora does so for
>     webkit too btw)
>
>     What do you prefer? JIT speed or MPROTECT security for our browsers?
>
>     -nc
>
>
>     ---
>     Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
>     <mailto:alpine-devel%2Bunsubscribe@lists.alpinelinux.org>
>     Help: alpine-devel+help@lists.alpinelinux.org
>     <mailto:alpine-devel%2Bhelp@lists.alpinelinux.org>
>     ---
>
>



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Jeremy Thomerson
Details
Message ID
<BANLkTindUr3nfG5+f_qWuxMdCTGYOpBjpQ@mail.gmail.com>
In-Reply-To
<20110517112539.4f28cda2@ncopa-desktop.nor.wtbts.net> (view parent)
Sender timestamp
1305635424
DKIM signature
missing
Download raw message
I don't have a lot of say here, but you asked for comments, so here's mine:

What's the advantage of turning Alpine into a full desktop environment with
Firefox, etc?  The tagline for Alpine is "A *security-oriented*, lightweight
Linux distribution ..."

I'd be concerned about going against that (disabling a security feature)
just to enable web browsing on a distro that is intended as a hardened
server distro.

Jeremy Thomerson
On Tue, May 17, 2011 at 5:25 AM, Natanael Copa <ncopa@alpinelinux.org>wrote:

> Hi,
>
> Modern browsers uses just-in-time (JIT) compilers to gain maximum
> performance of the javascripts. This requires that the application can
> allocate memory where it can both write to it and then execute it. This
> is not allowed with our Grsecurity kernel for security reasons.
>
> So currently, midori has mprotect disabled and it looks like we might
> need to do the same with firefox. Alternatively we will need to patch
> webkit and xulrunner to disable jit.
>
> So this is a trade off.
>
> I am slightly towards prioritize security. (I think fedora does so for
> webkit too btw)
>
> What do you prefer? JIT speed or MPROTECT security for our browsers?
>
> -nc
>
>
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
>
>
Natanael Copa
Details
Message ID
<20110519155313.6afc02c4@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<BANLkTindUr3nfG5+f_qWuxMdCTGYOpBjpQ@mail.gmail.com> (view parent)
Sender timestamp
1305813193
DKIM signature
missing
Download raw message
On Tue, 17 May 2011 08:30:24 -0400
Jeremy Thomerson <jeremy@thomersonfamily.com> wrote:

> I'd be concerned about going against that (disabling a security
> feature) just to enable web browsing on a distro that is intended as
> a hardened server distro.

No. we will never disable a security feature in kernel for everyone due
to a web browser which only used by a few (crazy ppl).

What I'm talking about is disable the feature for the firefox and
midori binaries only. So only the browser itself would run with reduced
security (but with JIT enabled). Everything else would still have the
security feature. So this only affects people who actually use alpine
linux for web browsing.

But I'm still thinking we want accept a more secure but somewhat slower
browser than a faster browser bu somewhat less secure.

Thanks for your input.

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---