Skip to content

Commit

Permalink
Attempt to disable use of rwx memory for improved security
Browse files Browse the repository at this point in the history 
This should disable two different JIT engines inside of QT:

  QT_ENABLE_REGEXP_JIT disables the pcre JIT
  QV4_FORCE_INTERPRETER disables the QML JIT

There may be other QT JIT engines. On PaX/Grsecurity enabled
kernels, users will need to weaken their security by setting PaX flags:

  setfattr -n user.pax.flags -v "emr" /usr/bin/ricochet

In an ideal world, we will have no use of any JIT or JIT-like engine and
will be able to take full advantage of PaX related security features.
  • Loading branch information
@ioerror @special
ioerror authored and special committed Mar 21, 2016
1 parent 3031a56 commit 92d9d3d
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/main.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@ static void initTranslation();

int main(int argc, char *argv[])
{
/* Disable rwx memory.
This will also ensure full PAX/Grsecurity protections. */
qputenv("QV4_FORCE_INTERPRETER", "1");
qputenv("QT_ENABLE_REGEXP_JIT", "0");

QApplication a(argc, argv);
a.setApplicationVersion(QLatin1String("1.1.2"));
a.setOrganizationName(QStringLiteral("Ricochet"));
Expand Down

0 comments on commit 92d9d3d

Please sign in to comment.