drago01 wrote:
> The times where javascript is only used for some fancy effects are
> long over ... welcome to 2010 ;)

Some web sites are indeed abusing JavaScript. Why should we promote this behavior? It is a vehicle for proprietary software, where people often aren't even aware they're using non-Free code, or just ignore the issue. See also http://www.gnu.org/philosophy/javascript-trap.html .

A web site is not and should not be an application, an application is not and should not be a web site.

> The "problem" is fixable there is a patch that is being discussed
> upstream to fix the issue and allow selinux memory protection it is
> just not merged yet.
>
> Using a JIT is not a security risk by itself.

Workarounds which make SELinux happy are still not as secure as sticking to a pure bytecode interpreter. Exploit code can still write to the memory to be executed, with ANY JIT, as this is how a JIT works. It's just that the writing has to happen through a different address space window than the execution, making the JIT harder, but not impossible, to exploit.

So IMHO the right fix is to disable the JIT altogether. But the proposed patch would still be better than the crappy solution implemented now just to "stick to upstream" (having SELinux ignore the problem).

        Kevin Kofler

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
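Added example, not part of the message above and not the upstream patch it discusses: a C demonstration of the two-window arrangement the message describes, where the same pages are mapped once writable and once executable, so no single mapping is both. It assumes Linux with the memfd_create syscall and /proc; the names dual_map, dual_map_create and perms_of are hypothetical, and the bytes written are constructed filler that is never executed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/syscall.h>

/* Two views of the same pages: one writable, one executable, never both. */
struct dual_map { unsigned char *rw; const unsigned char *rx; size_t len; };

int dual_map_create(struct dual_map *m, size_t len) {
    /* Raw syscall: an anonymous in-memory file backs both views. */
    int fd = (int)syscall(SYS_memfd_create, "jit-demo", 0u);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)len) != 0) { close(fd); return -1; }
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = rw == MAP_FAILED ? MAP_FAILED
             : mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);  /* the mappings keep the pages alive */
    if (rx == MAP_FAILED) { if (rw != MAP_FAILED) munmap(rw, len); return -1; }
    m->rw = rw; m->rx = rx; m->len = len;
    return 0;
}

/* Copy the permission field ("rw-s", "r-xs", ...) of the mapping that
 * contains addr from /proc/self/maps into out[5]. Returns 0 if found. */
int perms_of(const void *addr, char out[5]) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512]; unsigned long lo, hi, a = (unsigned long)addr; int rc = -1;
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, out) == 3 &&
            a >= lo && a < hi)
            rc = 0;
    fclose(f);
    return rc;
}

int main(void) {
    struct dual_map m;
    char p_rw[5] = "", p_rx[5] = "";
    if (dual_map_create(&m, 4096) != 0) return 1;
    memset(m.rw, 0xAB, 16);  /* constructed filler bytes, never executed */
    perms_of(m.rw, p_rw); perms_of(m.rx, p_rx);
    printf("rw %p %s | rx %p %s | rx[0]=0x%02x\n",
           (void *)m.rw, p_rw, (void *)m.rx, p_rx, m.rx[0]);
    return 0;
}
```

The bytes stored through the writable view are immediately visible through the executable one, which is why the writable alias's address is the thing left to protect in this design.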