blob: 5b3f2c4a364182230b69311a1d6263735d3bb69a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
https://gitlab.freedesktop.org/polkit/polkit/-/commit/4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb
From 4b7a5c35fb3dd439e490f8fd6b1265d17c6d4bcb Mon Sep 17 00:00:00 2001
From: Xi Ruoyao <xry111@xry111.site>
Date: Sat, 29 Jul 2023 17:44:58 +0800
Subject: [PATCH] jsauthority: mozjs: Disable JIT
The JIT compiling of mozjs needs W/X mapping, but our systemd hardening
setting does not allow it.
For polkit, security is much more important than the speed running
Javascript code in rule files, so we should disable JIT.
Fixes #199.
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -56,7 +56,16 @@
static class JsInitHelperType
{
public:
- JsInitHelperType() { JS_Init(); }
+ JsInitHelperType()
+ {
+ /* Disable JIT because it needs W/X mapping, which is not allowed by
+ * our systemd hardening setting.
+ */
+ JS::DisableJitBackend();
+
+ JS_Init();
+ }
+
~JsInitHelperType() { JS_ShutDown(); }
} JsInitHelper;
--
GitLab
|
GitWeb
