[tbb-dev] Disabling JITs in the Tor Browser
sysrqb at torproject.org
Thu Aug 5 03:54:52 UTC 2021
On Thu, Aug 05, 2021 at 02:31:16AM +0000, sanketh wrote:
> Edge Vuln Research just dropped the amazingly named "Super Duper Secure Mode"
> ---an interesting albeit slightly provocative statement they make in the
> announcement is that JITs may not be worth it for security-sensitive users,
> since they account for about half the bugs in V8 (Chromium's JS engine) and
> their new research shows that disabling JITs, despite the huge performance
> regressions in traditional JS benchmarks, is rarely noticeable in real-life.
> I don't think tbb is new to clamping down JS (for security-sensitive users),
> but this idea of disabling JITs might be interesting to look into*.
> First, taking a step back, recall that modern browsers execute JS by
> converting it into bytecode and then using an interpreter to execute, and
> functions that are "hot" (executed many times) are recompiled using a JIT to
> produce faster code. This is super simplified, see  for a more technical
> overview of how this works in Firefox.
> I think this idea can be used to improve the Tor Browser,
> 1. we can disable JITs in "Safer" mode which would reduce usability but
> improve security; and
Indeed, this is a good idea. Currently on Safer we disable:
- ion (optimizing JIT)
- baselinejit (Baseline JIT)
// pref: Safest, Safer, Standard
> 2. we can enable JS and disable JITs in "Safest" mode which would
> significantly improve usability but degrade security.
header that disallows scripts). The interpreter has vulnerabilities
occasionally, but I don't remember any in recent history.
Some more details are in .
> On a more meta note, this wouldn't be hard to implement, Firefox has prefs
> to enable and disable this stuff, and @freddyb's tweet  seems to confirm
> this intuition.
> What do y'all think?
> *disabling JITs was discussed in the tor issue tracker 4 years ago  but
> most of the then concerns (like changing build settings) seem to have been
> resolved and JITs are now enabled across the browser (they were not enabled
> for content back then) and so this, I feel, can use fresh eyes.
> : https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
> : https://twitter.com/freddyb/status/1423020386560712705?s=20
> : https://gitlab.torproject.org/legacy/trac/-/issues/21011
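A small audit script, added here and not part of this thread or of Tor Browser's own code, that reads a Firefox profile's user.js or prefs.js and reports which JIT-related prefs are still enabled. ion and baselinejit are the two prefs the thread names; native_regexp and wasm are assumed additions a hardened profile would also turn off.

```python
import re

# Firefox prefs that gate JIT tiers. "ion" and "baselinejit" are the two the
# thread names; native_regexp and wasm are assumptions added here as related
# tiers a hardened profile would also disable.
JIT_PREFS = {
    "javascript.options.ion": "IonMonkey optimizing JIT",
    "javascript.options.baselinejit": "Baseline JIT",
    "javascript.options.native_regexp": "regexp JIT",
    "javascript.options.wasm": "WebAssembly",
}

# Matches user_pref("name", value); (prefs.js / user.js) and
# pref("name", value); (defaults) lines with bool, int or string values.
_PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\("([^"]+)",\s*(true|false|-?\d+|"[^"]*")\);'
)


def parse_prefs(text):
    """Return {name: value} for the pref lines in text; the last write wins."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            val = raw == "true"
        elif raw.startswith('"'):
            val = raw[1:-1]
        else:
            val = int(raw)
        prefs[name] = val
    return prefs


def jit_tiers_enabled(prefs):
    """Names of JIT tiers still enabled. A pref absent from the file keeps
    Firefox's default, which for all of these is enabled."""
    return [name for name in JIT_PREFS if prefs.get(name, True) is not False]


# Constructed sample user.js: ion is off, baselinejit is written twice and the
# later line re-enables it, native_regexp and wasm are never mentioned.
SAMPLE_USER_JS = """\
user_pref("javascript.options.ion", false);
user_pref("javascript.options.baselinejit", false);
user_pref("browser.startup.page", 0);
user_pref("javascript.options.baselinejit", true);
"""

if __name__ == "__main__":
    for tier in jit_tiers_enabled(parse_prefs(SAMPLE_USER_JS)):
        print("still enabled:", tier, "-", JIT_PREFS[tier])
```

Point it at a real profile by reading its prefs.js into parse_prefs; a duplicate pref later in the file silently wins, which is why the sample shows baselinejit coming back on.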