| 1 |
On 10 Jun 2012 at 17:46, René Rhéaume wrote: |
| 2 |
|
| 3 |
> I have a somewhat crazy idea to run JIT code with mprotect enforced: |
| 4 |
> instead of putting the generated code into anonymous memory, why not put it |
| 5 |
> as a shared library inside a tmpfs, the the host program simply call dlopen |
| 6 |
> on it? This way, we would have JIT code (faster than interpreted code), |
| 7 |
> ahead-of-time compiled code keeps all mprotect restrictions in place. JIT |
| 8 |
> code would also benefit from ASLR. |
| 9 |
> |
| 10 |
> What do you think? |
| 11 |
|
| 12 |
ever read http://pax.grsecurity.net/docs/mprotect.txt ? ;) |
Archives