[tor-bugs] #21514 [Applications/Tor Browser]: Deal with W^X backport bustage in upcoming ESR release
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 20 14:25:22 UTC 2017
#21514: Deal with W^X backport bustage in upcoming ESR release
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Critical | Resolution:
Keywords: TorBrowserTeam201702 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Description changed by gk:
Old description:
> https://hg.mozilla.org/releases/mozilla-esr45/rev/347c10e4d6d1 backports
> a security bug fix but is removing the `nonWritableJitCode` option we use
> for our W^X patch backport. It might be okay to add that part back as it
> seems the removal is unrelated. Jan de Mooij writes:
> {{{
> I also removed the nonWritableJitCode option as ESR45 predates W^X and
> nobody is going to enable that option there.
> }}}
> We should be sure about that though and make sure as well that our
> backported patches are still working and not causing unpredictable
> issues. If the risk is too high we need to back out the security
> improvements, alas.
New description:
https://hg.mozilla.org/releases/mozilla-esr45/rev/347c10e4d6d1 backports a
security bug fix but is removing the `nonWritableJitCode` option we use
for our `W^X` patch backport. It might be okay to add that part back as it
seems the removal is unrelated. Jan de Mooij writes:
{{{
I also removed the nonWritableJitCode option as ESR45 predates W^X and
nobody is going to enable that option there.
}}}
We should be sure about that though and make sure as well that our
backported patches are still working and not causing unpredictable issues.
If the risk is too high we need to back out the security improvements,
alas.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21514#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list