Posted Nov 28, 2006 2:22 UTC (Tue) by xoddam
In reply to: Virtual Machines and Memory Protections
Parent article: Virtual Machines and Memory Protections
I think you've missed the point about fine-grained permissions. Presumably the JIT compiler only needs to set write+execute on a VM area once, at startup. Once it has done that, the entire process can drop the privilege that allows it to do so.

This does not mean that it's impossible for an exploit of a system library to write and call into that wx VM area once it exists, but risk-mitigation techniques like address randomisation are just as valid for JIT object code as they are for mapped .so files.

The point stands that any system that includes 'eval' is vulnerable to this class of attack, no matter how it is implemented.
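The comment's point is that the risk lives in whatever write+execute (wx) area still exists after startup, so a defender wants a way to see those areas. The following is an added example, not code from the comment or from any JIT discussed in the thread: a small Linux-only audit that parses `/proc/self/maps` lines and counts mappings that are both writable and executable. The sample maps lines embedded in it are constructed, and the function names are this example's own.

```c
/* Added example (not from the LWN comment): audit a process for mappings
 * that are both writable and executable, i.e. the kind of wx JIT area the
 * comment describes. Linux-only: it reads the /proc/self/maps format. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/self/maps format (addresses and paths are
 * made up). Exactly one of these three mappings is writable+executable. */
static const char SAMPLE_MAPS[] =
    "7f0000000000-7f0000001000 rwxp 00000000 00:00 0          [constructed jit]\n"
    "7f0000001000-7f0000002000 r-xp 00000000 08:01 12345      /constructed/libfoo.so\n"
    "7f0000002000-7f0000003000 rw-p 00000000 00:00 0          [constructed heap]\n";

/* Return 1 if a single maps line describes a writable+executable mapping.
 * The permission field is four characters, e.g. "rwxp": index 1 is the
 * write bit and index 2 the execute bit. Malformed lines return 0. */
int line_is_wx(const char *line)
{
    unsigned long start, end;
    char perms[5];                       /* 4 permission chars + NUL */
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return 0;
    if (end <= start)
        return 0;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count wx mappings in a NUL-terminated buffer holding maps lines. */
int count_wx_in_buffer(const char *buf)
{
    int n = 0;
    const char *p = buf;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line)
            len = sizeof line - 1;       /* truncate an overlong line */
        memcpy(line, p, len);
        line[len] = '\0';
        n += line_is_wx(line);
        p = nl ? nl + 1 : p + strlen(p);
    }
    return n;
}

/* Count wx mappings of the running process; -1 if /proc is unavailable. */
int count_wx_mappings_live(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int n = 0;
    while (fgets(line, sizeof line, f))
        n += line_is_wx(line);
    fclose(f);
    return n;
}

int main(void)
{
    printf("wx mappings in constructed sample: %d\n",
           count_wx_in_buffer(SAMPLE_MAPS));
    int live = count_wx_mappings_live();
    if (live < 0)
        printf("/proc/self/maps not readable on this system\n");
    else
        printf("wx mappings in this process: %d\n", live);
    return 0;
}
```

A process that has finished its JIT setup and dropped the ability to create further wx areas should report a stable, known count here; a count that grows at runtime is the signal worth alerting on. The same parser works on `/proc/<pid>/maps` for auditing another process.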