Javascript JIT in web browsers

drago01 drago01 at gmail.com
Sun Aug 15 20:41:36 UTC 2010


On Sun, Aug 15, 2010 at 9:45 PM, Matt McCutchen <matt at mattmccutchen.net> wrote:
> On Sun, 2010-08-15 at 18:26 +0200, Kevin Kofler wrote:
>> But the end effect is, we're allowing a web browser to disable memory
>> protection, exposing all users to a severe security risk from merely
>> browsing web sites. IMHO, the performance improvements in JavaScript aren't
>> worth that risk.

The times where javascript is only used for some fancy effects are
long over ... welcome to 2010 ;)

> An alternative is to run the JavaScript in a less-privileged process,
> like I believe Chromium does.

The "problem" is fixable there is a patch that is being discussed
upstream to fix the issue and allow selinux memory protection it is
just not merged yet.

Using a JIT is not a security risk by itself.


More information about the devel mailing list