[tor-bugs] #21011 [Applications/Tor Browser Sandbox]: Disable JavaScript JIT
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 19 21:44:39 UTC 2016
#21011: Disable JavaScript JIT
----------------------------------------------+-------------------------
Reporter: cypherpunks                         | Owner: yawning
Type: enhancement                             | Status: new
Priority: Medium                              | Milestone:
Component: Applications/Tor Browser Sandbox   | Version:
Severity: Normal                              | Resolution:
Keywords: sandbox-security                    | Actual Points:
Parent ID:                                    | Points:
Reviewer:                                     | Sponsor:
----------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:5 yawning]:
> Ok, the security slider on a fresh install will default to High
> (d8c9273d27489353a6250a106c34951fc2aa4322). As far as making more changes
> to the JIT settings, I'd want the other browser people to weigh in here.

As a general matter I think we should try to avoid dealing with browser
related settings outside of the browser itself. For one it makes things
harder to debug if different pieces of our products are taking care
of the same settings and we open up the whole system to subtle bugs that
might lie in Mozilla's code (they might never have tested whether the
parts we use play together nicely). Plus this mixing of responsibilities
has the tendency to make the whole system harder to analyze.

For now, having the slider set to "High" in the alpha Tor Browser sandbox
is okay with me but we should think harder about that if we envision a
future (as I do) where we only ship Tor Browser in the sandbox to our
users. Maybe that's some kind of crazy Utopia but I want to see all users
benefiting from the security guarantees the sandbox provides. And
currently it seems to me we would drive quite a chunk of them away with
that move. A lot of the web is broken in that mode (alas) and users will
not blame Facebook or whomever for that but Tor Browser and choose a
different (albeit less secure by default) product.

Regarding messing with the JIT preferences: what I said above in the first
paragraph applies here as well + I feel we need to be careful to not
introduce ways to fingerprint users of the Tor Browser sandbox that way. I
am not sure whether flipping those prefs would already be bad. But I
could imagine that some timing measurements might be able to reveal them,
in combination with all the other prefs set on your particular slider
mode. (Sure, if you have set your slider level to "High" this would be
moot but then flipping those prefs in the first place would be
superfluous as well.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21011#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online