author | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-24 01:06:07 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2015-01-27 00:54:02 +0100 |
commit | 4f68369643cbbbcc6b12028091bb8064e89ce02d (patch) | |
tree | 2b9f7fb324b1fb88c48473723afac67ff5015cba /node.gyp | |
parent | c0a9d1bc74e1aa5ed1f5a934509c1984142e0eab (diff) | |
build: disable v8 snapshots

Snapshots speed up start-up by a few milliseconds but are potentially
dangerous because of the fixed hash seed that is used for strings and
dictionaries, making collision denial-of-service attacks possible.

Release builds on iojs.org have snapshots disabled but source builds
did not, until now.

The risk for individual source builds is low; the binary gets a random
32-bit hash seed that should be hard to guess by an external attacker.

It's when binaries are distributed by, for example, a distro vendor
that the fixed hash seed becomes a vulnerability, because then it's
possible to target a large group of people at once.

People that really need the faster start-up time can use the new
--with-snapshot configure flag.

PR-URL: https://github.com/iojs/io.js/pull/585
Reviewed-By: Bert Belder <bertbelder@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'node.gyp')
-rw-r--r-- | node.gyp | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1,6 +1,6 @@ { 'variables': { - 'v8_use_snapshot%': 'true', + 'v8_use_snapshot%': 'false', 'node_use_dtrace%': 'false', 'node_use_etw%': 'false', 'node_use_perfctr%': 'false', |
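Review bot: the new 'v8_use_snapshot%': 'false' default in the 'variables' block has no comment saying why it is off, so a later change could flip it back to 'true' for start-up speed without seeing the security reason. Consider a one-line comment above it that names the fixed hash seed and collision denial-of-service concern from the commit message and points to the --with-snapshot configure flag as the opt-in. Because the key ends in '%', this is only a default that an explicitly passed value overrides, and this view is limited to node.gyp, so it is worth confirming in the configure part of the change that v8_use_snapshot is set to 'true' only when --with-snapshot is given and is otherwise left at or set to 'false'.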