diff options
| author | Xi Ruoyao <xry111@xry111.site> | 2023-07-29 17:44:58 +0800 |
|---|---|---|
| committer | Xi Ruoyao <xry111@xry111.site> | 2023-07-30 13:03:46 +0800 |
| commit | 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb (patch) | |
| tree | e8e9192b7bd585081180279543bcaf4cbaa9b42e | |
| parent | c49c68e1738837fe4fa38184b20e2773098fc672 (diff) | |
jsauthority: mozjs: Disable JIT
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
setting does not allow it.
For polkit, security is much more important than the speed running
Javascript code in rule files, so we should disable JIT.
Fixes #199.
| -rw-r--r-- | src/polkitbackend/polkitbackendjsauthority.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp index 004748a..e265234 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp @@ -56,7 +56,16 @@ static class JsInitHelperType { public: - JsInitHelperType() { JS_Init(); } + JsInitHelperType() + { + /* Disable JIT because it needs W/X mapping, which is not allowed by + * our systemd hardening setting. + */ + JS::DisableJitBackend(); + + JS_Init(); + } + ~JsInitHelperType() { JS_ShutDown(); } } JsInitHelper; |