[pypy-dev] W^X in the PyPy JIT?
Edd Barrett
edd at theunixzoo.co.uk
Thu Jun 9 11:19:02 EDT 2016
Hi!
Recently OpenBSD has started enforcing W^X [1] for all programs, unless
the program is on a file system with a special 'wxallowed' flag.
Regardless of the flag, a message is emitted to the dmesg buffer.
Starting PyPy will emit such a message:
pypy(62301): mmap W^X violation
I suppose the memory the JIT is using for traces has been mapped W+X?
Assuming this is the case, the security of PyPy (on all platforms) could
be improved by mapping the memory W during trace compilation, and then
re-mapping the memory X once compilation is complete.
Of course, it might not be the JIT at all...
Cheers
[1] https://en.wikipedia.org/wiki/W%5EX
--
Best Regards
Edd Barrett
http://www.theunixzoo.co.uk
More information about the pypy-dev
mailing list