Archives
Archives
| From: | "René Rhéaume" <rene.rheaume@×××××.com> |
|---|---|
| To: | gentoo-hardened@l.g.o |
| Subject: | [gentoo-hardened] JIT code and mprotect |
| Date: | Mon, 11 Jun 2012 00:02:15 |
| Message-Id: | CAPLjCyLeaEqbo8w==jctVb43ugkYvhQe41q2+a==mrLb2kGeow@mail.gmail.com |
| 1 | I have a somewhat crazy idea to run JIT code with mprotect enforced: |
| 2 | instead of putting the generated code into anonymous memory, why not put it |
| 3 | as a shared library inside a tmpfs, the the host program simply call dlopen |
| 4 | on it? This way, we would have JIT code (faster than interpreted code), |
| 5 | ahead-of-time compiled code keeps all mprotect restrictions in place. JIT |
| 6 | code would also benefit from ASLR. |
| 7 | |
| 8 | What do you think? |
| Subject | Author |
|---|---|
| Re: [gentoo-hardened] JIT code and mprotect | PaX Team <pageexec@××××××××.hu> |
| Re: [gentoo-hardened] JIT code and mprotect | Maxim Kammerer <mk@×××.su> |