1 |
On 10 Jun 2012 at 17:46, René Rhéaume wrote: |
2 |
|
3 |
> I have a somewhat crazy idea to run JIT code with mprotect enforced: |
4 |
> instead of putting the generated code into anonymous memory, why not put it |
5 |
> as a shared library inside a tmpfs, the the host program simply call dlopen |
6 |
> on it? This way, we would have JIT code (faster than interpreted code), |
7 |
> ahead-of-time compiled code keeps all mprotect restrictions in place. JIT |
8 |
> code would also benefit from ASLR. |
9 |
> |
10 |
> What do you think? |
11 |
|
12 |
ever read http://pax.grsecurity.net/docs/mprotect.txt ? ;) |