338245 – Please add a use flag to x11-libs/qt-core allowing JIT to be disabled on hardened systems

Bug 338245 - Please add a use flag to x11-libs/qt-core allowing JIT to be disabled on hardened systems

Summary: Please add a use flag to x11-libs/qt-core allowing JIT to be disabled on hard...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Library (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Qt Bug Alias

URL:	http://pax.grsecurity.net/docs/mprote...
Whiteboard:
Keywords:

Depends on:
Blocks:	337736 338243
	Show dependency tree

Reported:	2010-09-20 23:02 UTC by Dillon
Modified:	2010-11-19 01:28 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch using IUSE+jit and configure option to disable jit (qt-core-4.6.2-r1-nojit.patch,1.17 KB, patch) 2010-09-20 23:05 UTC, Dillon	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dillon 2010-09-20 23:02:24 UTC

+++ This bug was initially created as a clone of Bug #338243 +++

+++ This bug was initially created as a clone of Bug #337736 +++

JIT requires executable stack pages, and any process performing JavaScript on
hardened kernels will require to run with PAX_MPROTECT disabled. This may allow
easier code execution exploits to work (without the need in pure ret2libc-style
stack preparations, that is harder). Apart from that the JIT itself can be
vulnerable.
-- p.labushev@gmail.com

Comment 1 Dillon 2010-09-20 23:05:22 UTC

Created attachment 248222 [details, diff]
Patch using IUSE+jit and configure option to disable jit

Comment 2 Tomás Touceda (RETIRED) gentoo-dev

2010-11-19 01:28:31 UTC

Committed. Thanks Dillon for the patch.