[tbb-dev] Disabling JITs in the Tor Browser

sanketh me at snkth.com
Thu Aug 5 02:31:16 UTC 2021


Edge Vuln Research just dropped the amazing named "Super Duper Secure 
Mode" [1]---an interesting albeit slightly provocative statement they 
make in the announcement is that JITs may not be worth it for 
security-sensitive users, since they account for about half the bugs in 
V8 (Chromium's JS engine) and their new research shows that disabling 
JITs, despite the huge performance regressions in traditional JS 
benchmarks, is rarely noticeable in real-life. I don't think tbb is new 
to clamping down JS (for security-sensitive users), but this idea of 
disabling JITs might be interesting to look into*.

First, taking a step back, recall that modern browsers execute JS by 
converting it into bytecode and then using an interpreter to execute, 
and functions that are "hot" (executed many times) are recompiled using 
a JIT to produce faster code. This is super simplified, see [2] for a 
more technical overview of how this works in Firefox.

I think this idea can be used to improve the Tor Browser,

 1. we can disable JITs in "Safer" mode which would reduce usability but
    improve security; and
 2. we can enable JS and disable JITs in "Safest" mode which would
    reduce significantly improve usability but degrade security.

On a more meta note, this wouldn't be hard to implement, Firefox has 
prefs to enable and disable this stuff, and @freddyb's tweet [3] seems 
to confirm this intuition.

What do y'all think?


*disabling JITs was discussed in the tor issue tracker 4 years ago [4] 
but most of the then concerns (like changing build settings) seem to 
have been resolved and JITs are now enabled across the browser (they 
were not enabled for content back then) and so this, I feel, can use 
fresh eyes.

[1]: https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
[3]: https://twitter.com/freddyb/status/1423020386560712705?s=20
[4]: https://gitlab.torproject.org/legacy/trac/-/issues/21011

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20210805/b1a7b0f5/attachment.htm>

More information about the tbb-dev mailing list