[kaffe] Idea for a security compatible JIT

John Richard Moser nigelenki at comcast.net
Mon Oct 4 10:59:17 PDT 2004


Timothy Stack wrote:


| [stuff deleted]
| I think mono kinda does this already, generating shared libraries with
| JIT and then loading them in.  In fact, I would imagine most schemes for
| caching jitted code work this way as well.  It would be nice to have in
| kaffe, it just never struck anyone's fancy I guess...

Mono requires PaX restrictions to be relaxed.  Blackdown does as well.
The problem is that code cannot be generated directly in memory; memory
can't be made executable if it's not already, and memory can never be
both writable and executable at the same time.  mprotect(...
PROT_WRITE|PROT_EXEC) always fails, while mprotect(... PROT_EXEC) fails
on a non-executable page.

I'm a big security fan.  Having these kinds of things would allow full
protections to be applied to JITters.  It's not magic that stops
everything; but it'd be nice to have.

The only situation I can think of where it would be advantageous to have
full protections would be one where the JITter code has a bug which
allows an attacker to inject code directly into it and have it executed.
If the malicious code is going to disk first, of course, the
protections are useless; but the vulnerability could be altering the
flow away from writing code to disk, and so that would stop it.

JITters are by nature very severe potential security faults and should
only ever run trusted code.  Although I'd love to see them work natively
with PaX, in all honesty it's not going to alleviate the biggest threats
that menial programming bugs can pose.  It would still offer up some
protection; as would stack smash protection :)

| tim stack

--
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.


