Date: Tue, 17 May 2011 11:25:39 +0200
From: Natanael Copa
To: alpine-devel@lists.alpinelinux.org
Subject: [alpine-devel] RFC: disable mprotect or JIT on web browsers
Message-ID: <20110517112539.4f28cda2@ncopa-desktop.nor.wtbts.net>

Hi,

Modern browsers use just-in-time (JIT) compilers to gain maximum performance from JavaScript.
This requires that the application can allocate memory where it can both write to it and then execute it. This is not allowed with our Grsecurity kernel for security reasons.

So currently, Midori has mprotect disabled, and it looks like we might need to do the same with Firefox. Alternatively, we will need to patch WebKit and XULRunner to disable JIT.

So this is a trade-off. I am leaning slightly towards prioritizing security. (I think Fedora does so for WebKit too, btw.)

What do you prefer? JIT speed or MPROTECT security for our browsers?

-nc
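
The restriction described in the message above, as an added example that is not part of the original post: a C probe that checks whether the running kernel lets a process obtain memory it can first write and then execute, the two allocation patterns a JIT relies on. It assumes Linux with `/proc` mounted; the function and enum names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* exposes MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
enum wx_result { WX_ERROR = -1, WX_ALLOWED = 0, WX_DENIED = 1 };
#define PROBE_LEN 4096               /* mmap rounds up to whole pages */

/* JIT pattern 1: map writable, emit code, then flip the pages to executable. */
enum wx_result probe_write_then_exec(void)
{
    unsigned char *p = mmap(NULL, PROBE_LEN, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return WX_ERROR;  /* plain RW memory should map */
    memset(p, 0, PROBE_LEN);         /* stand-in for emitted code, never run */
    int rc = mprotect(p, PROBE_LEN, PROT_READ | PROT_EXEC);
    munmap(p, PROBE_LEN);
    return rc == 0 ? WX_ALLOWED : WX_DENIED;
}

/* JIT pattern 2: request writable+executable memory in one step, then read the
 * permissions actually granted from /proc/self/maps, because a successful
 * mmap() alone does not prove the execute bit was kept. */
enum wx_result probe_write_and_exec(void)
{
    void *p = mmap(NULL, PROBE_LEN, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return WX_DENIED; /* request refused outright */
    enum wx_result res = WX_ERROR;   /* stays WX_ERROR if /proc is unreadable */
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            lo <= (unsigned long)p && (unsigned long)p < hi) {
            res = (perms[1] == 'w' && perms[2] == 'x') ? WX_ALLOWED : WX_DENIED;
            break;
        }
    if (f) fclose(f);
    munmap(p, PROBE_LEN);
    return res;
}

int main(void)
{
    static const char *const name[] = { "error", "allowed", "denied" };
    printf("RW -> RX via mprotect: %s\n", name[probe_write_then_exec() + 1]);
    printf("RWX via mmap:          %s\n", name[probe_write_and_exec() + 1]);
}
```

Running it once as a normal binary and once as a binary exempted from the restriction shows which of the two policies a given browser build is actually running under.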