JIT requires executable stack pages, and any process performing JavaScript on hardened kernels will need to run with PAX_MPROTECT disabled. This may allow easier code execution exploits to work (without the need for pure ret2libc-style stack preparation, which is harder). Apart from that, the JIT itself can be vulnerable. -- p.labushev@gmail.com
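The comment above turns on one fact: a JIT needs a mapping that is both writable and executable, which is exactly what PaX MPROTECT refuses. As an added example (not part of this bug thread or of kdelibs), here is a small Python checker that parses `/proc/<pid>/maps` and reports W+X mappings, so an administrator can see which processes actually rely on such pages before deciding to disable the JIT or grant a PaX exception. The `SAMPLE_MAPS` text and its paths are constructed for illustration.

```python
import re
from typing import List, NamedTuple

# Constructed sample of /proc/<pid>/maps output (not captured from a real process).
# Mappings with both 'w' and 'x' are the ones PaX MPROTECT will not create; a
# JavaScript JIT needs exactly such a mapping, so a hardened kernel kills the process.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1234          /usr/bin/kwrite
0060a000-0060b000 rw-p 0000a000 08:01 1234          /usr/bin/kwrite
7f3c2c000000-7f3c2c021000 rwxp 00000000 00:00 0
7f3c2d5f0000-7f3c2d7a0000 r-xp 00000000 08:01 5678  /usr/lib/libQtScript.so.4
7ffd1a2b0000-7ffd1a2d1000 rwxp 00000000 00:00 0     [stack]
"""

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    path: str  # "" for anonymous mappings

# address-range perms offset dev inode [path]
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})"
    r"\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of a /proc/<pid>/maps file into Mapping records."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:  # skip anything that is not a maps line
            continue
        mappings.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], m["path"].strip()))
    return mappings

def find_wx_mappings(text: str) -> List[Mapping]:
    """Return only the mappings that are writable and executable at the same time."""
    return [m for m in parse_maps(text) if "w" in m.perms and "x" in m.perms]

def scan_pid(pid: int) -> List[Mapping]:
    """Run the W+X check against a live process (Linux only)."""
    with open(f"/proc/{pid}/maps") as f:
        return find_wx_mappings(f.read())

if __name__ == "__main__":
    for m in find_wx_mappings(SAMPLE_MAPS):
        print(f"W+X mapping {m.start:#x}-{m.end:#x} {m.perms} {m.path or '[anon]'}")
```

On the sample, the two flagged mappings are the anonymous JIT region and the executable stack; a process with no such lines does not need the PaX exception.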
Created attachment 247675 [details, diff] Patch using IUSE+jit and configure option to disable jit. This stopped kwrite from being killed by PaX. I'm not sure what other applications are affected, but amarok seems not to be one of them, as there is no change.
Created attachment 248220 [details, diff] Spelling error
Committed. Thanks again, Dillon, for the patch.