[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT

Subject: Re: [tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 17 Dec 2016 17:14:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Dec 2016 12:15:11 -0500
In-reply-to: <051.1d146d415ed38c6bf554668d252bcc93@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.1d146d415ed38c6bf554668d252bcc93@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21011: Disable JavaScript JIT
----------------------------------------------+-------------------------
 Reporter:  cypherpunks                       |          Owner:  yawning
     Type:  enhancement                       |         Status:  new
 Priority:  Medium                            |      Milestone:
Component:  Applications/Tor Browser Sandbox  |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:                                    |  Actual Points:
Parent ID:                                    |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+-------------------------

Comment (by yawning):

 FF46 does fix the issue with W^X, but we won't get the benefit of that
 till ESR52.

 In principle I don't mind this, but it feels somewhat redundant to me
 since Tor Browser already will set
 `javascript.options.baselinejit.content` and
 `javascript.options.ion.content` to `false`, as long as you don't have the
 security slider set to "YOLO".

 IMO, if you think that more options should be set to *really* kill the
 JIT, then the patches should go into torbutton.  If the JIT is just always
 evil, then the Tor Browser code should never JIT JS regardless of what the
 slider says.

 (Also you're patching the wrong file, you want `mozilla.cfg`.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21011#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20907 [Metrics/Censorship analysis]: Blocking of public relays in Belarus, 2016-12-01
Next by Author: Re: [tor-bugs] #20923 [Internal Services/Service - lists]: Please create tor-employees mailing list
Previous by thread: [tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT
Next by thread: Re: [tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT
Index(es):
- Author
- Thread