On 2017-09-28, Boudewijn Dijkstra <mailinglists.boudewijn@indes.com> wrote:
> On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt
><deraadt@openbsd.org> wrote:
>>> Firefox has W^X compliance and so runs with the secure defaults.
>>
>> it uses page aliasing, which is a shitty way of being compliant
>
> Do you mean dual-mapping a.k.a. double-mapping? I found some old patches
> using a temporary file and mmap w/ fd to achieve this, but they never
> went in.
>
> This blog:
> https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
> suggests that it is simply switching between RW and RX using mprotect.
>
> Can you please elaborate?
>
>
That was my understanding too, and that's what ktrace shows.
...
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
13015 firefox RET mprotect 0
...
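
Added example, not part of the original post: a small checker that reads kdump-style mprotect lines like the ones above and reports, per region, how often the protection flips between writable and executable and whether PROT_WRITE|PROT_EXEC is ever requested at once. Keying regions by pid and start address only is a simplifying assumption, and the last sample line (pid 99999, "demo") is constructed for illustration.

```python
import re
from collections import defaultdict

PROT_WRITE, PROT_EXEC = 0x2, 0x4

# Matches kdump CALL lines of the form shown in the trace above.
CALL_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+CALL\s+mprotect\("
    r"(0x[0-9a-fA-F]+),(0x[0-9a-fA-F]+),(0x[0-9a-fA-F]+)"
)

def audit_mprotect(lines):
    """Return {(pid, addr): {"wx": n, "flips": n}}.

    "wx" counts requests for PROT_WRITE|PROT_EXEC together (a W^X violation);
    "flips" counts writable<->executable transitions on the same region.
    """
    last = {}
    report = defaultdict(lambda: {"wx": 0, "flips": 0})
    for line in lines:
        m = CALL_RE.match(line)
        if not m:
            continue  # RET lines, other syscalls, "..." elisions
        pid, addr, prot = int(m.group(1)), int(m.group(3), 16), int(m.group(5), 16)
        key = (pid, addr)
        entry = report[key]
        if prot & PROT_WRITE and prot & PROT_EXEC:
            entry["wx"] += 1
        prev = last.get(key)
        if prev is not None:
            w_to_x = prev & PROT_WRITE and prot & PROT_EXEC and not prot & PROT_WRITE
            x_to_w = prev & PROT_EXEC and prot & PROT_WRITE and not prot & PROT_EXEC
            if w_to_x or x_to_w:
                entry["flips"] += 1
        last[key] = prot
    return dict(report)

# First lines are taken from the trace above; the final line is constructed.
SAMPLE = """\
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
13015 firefox RET mprotect 0
13015 firefox CALL mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
99999 demo CALL mprotect(0x1000,0x1000,0x7<PROT_READ|PROT_WRITE|PROT_EXEC>)
""".splitlines()

if __name__ == "__main__":
    for (pid, addr), stats in audit_mprotect(SAMPLE).items():
        print(pid, hex(addr), stats)
```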