X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from mail.wtbts.no (mail.wtbts.no [213.234.126.131]) by mail.alpinelinux.org (Postfix) with ESMTP id 1C3E7BB3709 for ; Thu, 19 May 2011 07:12:29 +0000 (UTC) Received: from localhost (bsna.nor.wtbts.net [127.0.0.1]) by mail.wtbts.no (Postfix) with ESMTP id E053DAE4002; Thu, 19 May 2011 13:56:58 +0000 (UTC) X-Virus-Scanned: Yes Received: from mail.wtbts.no ([127.0.0.1]) by localhost (bsna.nor.wtbts.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ThCJNXmbYzjG; Thu, 19 May 2011 13:56:55 +0000 (UTC) Received: from mail.ytre.org (extmail.nor.wtbts.net [10.65.72.14]) by mail.wtbts.no (Postfix) with ESMTP id 2CE8FAE4001; Thu, 19 May 2011 13:56:55 +0000 (UTC) Received: from mail.ytre.org (localhost [127.0.0.1]) by mail.ytre.org (Postfix) with ESMTP id E1B0060D088B9; Thu, 19 May 2011 13:56:54 +0000 (UTC) Received: from ncopa-desktop.nor.wtbts.net (unknown [10.65.65.1]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: ncopa@ytre.org) by mail.ytre.org (Postfix) with ESMTPSA id 9C70160AF66ED; Thu, 19 May 2011 13:56:54 +0000 (UTC) Date: Thu, 19 May 2011 15:53:13 +0200 From: Natanael Copa To: jeremy@thomersonfamily.com Cc: alpine-devel@lists.alpinelinux.org Subject: Re: [alpine-devel] RFC: disable mprotect or JIT on web browsers Message-ID: <20110519155313.6afc02c4@ncopa-desktop.nor.wtbts.net> In-Reply-To: References: <20110517112539.4f28cda2@ncopa-desktop.nor.wtbts.net> X-Mailer: Claws Mail 3.7.9 (GTK+ 2.24.4; x86_64-unknown-linux-gnu) X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP On Tue, 17 May 2011 08:30:24 -0400 Jeremy Thomerson wrote: > I'd be concerned about going against that (disabling a security > feature) just to enable web browsing on a distro that is intended as > a hardened server distro. No. we will never disable a security feature in kernel for everyone due to a web browser which only used by a few (crazy ppl). What I'm talking about is disable the feature for the firefox and midori binaries only. So only the browser itself would run with reduced security (but with JIT enabled). Everything else would still have the security feature. So this only affects people who actually use alpine linux for web browsing. But I'm still thinking we want accept a more secure but somewhat slower browser than a faster browser bu somewhat less secure. Thanks for your input. -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---