top | item 40831814

(no title)

nanidin | 1 year ago

In this case someone generated malicious bytecode that the JIT compiler would not generate.

I would argue JIT is dangerous because it requires dynamic memory without the NX bit set, so if you manage to smash the stack (find an exploit) you can execute arbitrary code easily (leverage the exploit). That's a different dangerous than running malicious bytecode.

discuss

axoltl|1 year ago

This doesn't generally apply but Apple has a bunch of hardening in place that means you don't just have an RWX mapping hanging around:

https://developer.apple.com/documentation/browserenginekit/p...

On top of that they're working on (I haven't checked in a bit) having the JIT compiler be entirely Out-Of-Process. I don't think a lot has been written about that publicly but there's a few breadcrumbs like https://developer.apple.com/documentation/kernel/oop_jit_con...

colejohnson66|1 year ago

JITs can still function with an NX bit; You just have to halt execution to modify it.