
Bug 643972

Summary: www-client/firefox option to disable JIT?
Product: Gentoo Security
Reporter: Fedja Beader <fedja>
Component: Default Configs
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED INVALID
Severity: major
CC: fedja, libor+gentoobugs, mozilla
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: firefox-52.5.2.patch

Description Fedja Beader 2018-01-09 00:41:05 UTC
What is the point of PAX when a lot of high-risk programs (which Firefox undoubtedly is) have mprotect disabled by default?

Reproducible: Always

Steps to Reproduce:
1. paxctl-ng -M /usr/lib64/firefox/firefox 
2. $ firefox

Actual Results:  
Segmentation fault

Expected Results:  
Firefox sans JIT.

I've tried putting --disable-ion into the ebuild, but the build fails after trying to precompile startup cache. IonMonkey is Firefox's JIT compiler and according to https://wiki.mozilla.org/IonMonkey

I went digging and discovered that JIT could be disabled in the old ebuilds (45* era). Why was this option removed?
Comment 1 Fedja Beader 2018-01-09 00:43:36 UTC
Created attachment 513846
firefox-52.5.2.patch

Attempt #1 at turning off JIT.
Comment 2 Fedja Beader 2018-01-09 00:55:37 UTC
Cannot attach build log: "The file at https://bugs.gentoo.org/attachment.cgi is not readable.".

"... IonMonkey is Firefox's JIT compiler and according to https://wiki.mozilla.org/IonMonkey" --disable-ion disables it.
Comment 3 Jory A. Pratt gentoo-dev 2019-03-31 20:06:14 UTC
Please feel free to reopen and update any bug report that can be duplicated with current ESR builds, 60.x. If you feel your feature needs to be re-looked at in any of these bugs, reopen and update; please attach patches when appropriate. Thank you, Mozilla Team