Virtual Machines and Memory Protections
Posted Nov 22, 2006 6:09 UTC (Wed) by skissane
Parent article: Virtual Machines and Memory Protections
Related to Ulrich Drepper's proposal to double mmap a file, here is my idea: Have a new system call (maybe double_mmap). It is passed in a number of pages, which it then allocates. It then maps those pages twice into your address space, at two different addresses: at one place as read-write, at the other as read-execute. No disk space needed; virtual address space is doubled, but physical memory usage stays the same. The kernel could ensure that both virtual addresses are random. It could also ensure that no other process can get access to those address spaces. Doing this would still make JIT possible, but should give attackers a much harder time, since they would have to guess not only where the memory to write to is, but also guess where the corresponding execute location is.
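The dual-mapping idea in the comment above can be approximated in user space on Linux today. The sketch below is an added example, not code from the comment or from any kernel patch: it uses the existing `memfd_create` system call and two `mmap` calls rather than the proposed `double_mmap`, and the names `dual_map`, `dual_map_create` and `dual_map_selftest` are made up for illustration.

```c
/* Added example: one set of physical pages, two views (RW and RX). */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

struct dual_map { void *rw; void *rx; size_t len; };   /* hypothetical helper type */

/* Allocate `pages` pages and map them twice. Returns 0 on success, -1 on error. */
int dual_map_create(struct dual_map *m, size_t pages)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0 || pages == 0 || pages > (size_t)-1 / (size_t)psz) return -1;
    m->len = pages * (size_t)psz;

    /* Anonymous memory object: nothing is written to disk. */
    int fd = (int)syscall(SYS_memfd_create, "jit-dual", 0u);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)m->len) != 0) { close(fd); return -1; }

    /* No view is ever writable and executable at the same time. */
    m->rw = mmap(NULL, m->len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, m->len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);   /* drop the descriptor so the object is reachable only via the maps */
    if (m->rw == MAP_FAILED || m->rx == MAP_FAILED) {
        if (m->rw != MAP_FAILED) munmap(m->rw, m->len);
        if (m->rx != MAP_FAILED) munmap(m->rx, m->len);
        return -1;
    }
    return 0;
}

void dual_map_destroy(struct dual_map *m)
{
    munmap(m->rw, m->len);
    munmap(m->rx, m->len);
}

/* Write through the RW view, read back through the RX view.
 * Returns 1 if both views alias the same pages at distinct addresses. */
int dual_map_selftest(void)
{
    static const unsigned char sample[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed bytes */
    struct dual_map m;
    if (dual_map_create(&m, 1) != 0) return -1;
    memcpy(m.rw, sample, sizeof sample);
    int ok = (m.rw != m.rx) && memcmp(m.rx, sample, sizeof sample) == 0;
    dual_map_destroy(&m);
    return ok;
}

int main(void) { printf("aliased: %d\n", dual_map_selftest()); return 0; }
```

With `mmap(NULL, ...)` the kernel picks both addresses, and back-to-back mappings typically land next to each other, so this sketch does not provide the independently randomized pair the comment asks the kernel to guarantee.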