author | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-24 01:06:07 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-27 00:54:02 +0100 |
commit | 4f68369643cbbbcc6b12028091bb8064e89ce02d (patch) | |
tree | 2b9f7fb324b1fb88c48473723afac67ff5015cba /android-configure | |
parent | c0a9d1bc74e1aa5ed1f5a934509c1984142e0eab (diff) | |
build: disable v8 snapshots

Snapshots speed up start-up by a few milliseconds but are potentially
dangerous because of the fixed hash seed that is used for strings and
dictionaries, making collision denial-of-service attacks possible.
Release builds on iojs.org have snapshots disabled but source builds
did not, until now.

The risk for individual source builds is low; the binary gets a random
32 bits hash seed that should be hard to guess by an external attacker.
It's when binaries are distributed by, for example, a distro vendor
that the fixed hash seed becomes a vulnerability, because then it's
possible to target a large group of people at once.

People that really need the faster start-up time can use the new
--with-snapshot configure flag.

PR-URL: https://github.com/iojs/io.js/pull/585
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'android-configure')
-rwxr-xr-x | android-configure | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/android-configure b/android-configure index 7acb7f3766..b3145e5838 100755 --- a/android-configure +++ b/android-configure @@ -14,6 +14,5 @@ export CXX=arm-linux-androideabi-g++ export LINK=arm-linux-androideabi-g++ ./configure \ - --without-snapshot \ --dest-cpu=arm \ --dest-os=android |
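Review bot: Dropping `--without-snapshot \` from the `./configure` invocation leaves the Android build dependent on the configure default, and this view is limited to android-configure, so the change to that default is not visible in the hunk. Confirm that `./configure` in this commit builds without snapshots when neither flag is passed, and consider a one-line comment above the `./configure \` call stating that snapshots are intentionally left off and that `--with-snapshot` is the opt-in, so the script does not silently pick up the fixed hash seed if the default is ever flipped back.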