On Jan 28, 2017 2:02 PM, Christian Schulte <[email protected]> wrote:

On 01/28/17 at 10:04, Alex McWhirter wrote:
> Java doesn't work with write xor execute and this is the kernel's way of
> letting you know. Java still runs because the partition is mounted with
> wxallowed, but the kernel still prints the error to let you know that
> Java isn't respecting a security feature.
>

What should the VM do instead? It allocates memory, JIT compiles bytecode to machine code and then executes that machine code. Should it mprotect the memory after generating the machine code? It would still execute code from memory it could write to.

Regards,
--
Christian

Java's memory strategy would have to change. IIRC, Java basically allocates one big chunk of memory and the JVM uses it as a single heap. The most simple way I can think of would be to enable w^x support in the Java language itself and allow each Java application to define whether or not they use it and how they use it. Another is to make the JVM smart enough to know what needs write and what needs execute, but not both. But that's up to Oracle, I'm afraid, and I'm not certain of how much they really care. Most likely it will be done when every other OS on the planet starts enforcing w^x and Oracle kinda has to do it.
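
The mprotect sequence raised in the quoted question, as an added example that is not part of the original thread or of any JVM's code: a page is filled while read/write, then switched to read/execute before the call, so it is never writable and executable at the same time. The function name `jit_run_wx` and the constructed "return 42" stubs for x86-64 and aarch64 are assumptions of this example.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANON on glibc */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for "return 42"; only these two ISAs are covered. */
#if defined(__x86_64__)
static const uint8_t stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                0xc3 };                         /* ret */
#elif defined(__aarch64__)
static const uint8_t stub[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                0xc0, 0x03, 0x5f, 0xd6 };       /* ret */
#else
#error "example covers x86-64 and aarch64 only"
#endif

/* Returns the generated function's result, or -1 if a mapping step fails. */
int jit_run_wx(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);

    /* Phase 1: the code buffer is writable but not executable. */
    uint8_t *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANON, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    memcpy(buf, stub, sizeof stub);

    /* Phase 2: write permission is dropped in the same call that adds execute. */
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, len);
        return -1;
    }
    /* Needed on aarch64 so the instruction cache sees the new bytes. */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof stub);

    /* Object-to-function pointer cast: accepted by POSIX compilers. */
    int (*fn)(void) = (int (*)(void))buf;
    int result = fn();

    munmap(buf, len);
    return result;
}

int main(void) { return jit_run_wx() == 42 ? 0 : 1; }
```

Patching already-emitted code under this scheme means flipping the page back to read/write first, which is the cost a JIT pays for never holding both permissions at once.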

