On 2017-09-28, Boudewijn Dijkstra <mailinglists.boudew...@indes.com> wrote:
> On Wed, 27 Sep 2017 16:44:01 +0200, Theo de Raadt
> <dera...@openbsd.org> wrote:
>>> Firefox has W^X compliance and so runs with the secure defaults.
>>
>> it uses page aliasing, which is a shitty way of being compliant
>
> Do you mean dual-mapping a.k.a. double-mapping? I found some old patches
> using a temporary file and mmap w/ fd to achieve this, but they never
> went in.
>
> This blog:
> https://jandemooij.nl/blog/2015/12/29/wx-jit-code-enabled-in-firefox/
> suggests that it is simply switching between RW and RX using mprotect.
>
> Can you please elaborate?

That was my understanding too, and that's what ktrace shows.

...
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
 13015 firefox  RET   mprotect 0
...
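
Added example (not part of the original message, and not Firefox or OpenBSD code): a Python check over trace lines in the format shown above that reports any mprotect call asking for write and execute together and counts successful writable-to-executable switches per page. The function name, the pid 4242 sample lines and the pairing of each RET with the last CALL from the same pid are assumptions.

```python
import re

PROT_WRITE, PROT_EXEC = 0x2, 0x4  # mprotect(2) bits; PROT_READ is 0x1

CALL_RE = re.compile(r"^\s*(\d+)\s+\S+\s+CALL\s+mprotect\("
                     r"(0x[0-9a-f]+),(0x[0-9a-f]+),(0x[0-9a-f]+)")
RET_RE = re.compile(r"^\s*(\d+)\s+\S+\s+RET\s+mprotect\s+(-?\d+)")

def audit_mprotect(lines, page_size=0x1000):
    """Return (wx_requests, flips): W|X requests and RW->RX switches per page."""
    pending, state, wx_requests, flips = {}, {}, [], {}
    for line in lines:
        call = CALL_RE.match(line)
        if call:
            pid = int(call.group(1))
            addr, length, prot = (int(g, 16) for g in call.groups()[1:])
            if prot & PROT_WRITE and prot & PROT_EXEC:
                wx_requests.append((pid, addr, length))  # W^X violation asked for
            pending[pid] = (addr, length, prot)  # assumption: one call in flight per pid
            continue
        ret = RET_RE.match(line)
        if not ret or int(ret.group(1)) not in pending:
            continue
        pid = int(ret.group(1))
        addr, length, prot = pending.pop(pid)
        if int(ret.group(2)) != 0:
            continue  # failed call: page protections are unchanged
        first = addr - addr % page_size  # mprotect acts on whole pages
        for page in range(first, addr + length, page_size):
            prev = state.get((pid, page), 0)
            if prev & PROT_WRITE and prot & PROT_EXEC and not prot & PROT_WRITE:
                flips[(pid, page)] = flips.get((pid, page), 0) + 1
            state[(pid, page)] = prot
    return wx_requests, flips

# The first four lines come from the trace above; the last two are constructed.
SAMPLE = """\
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x3<PROT_READ|PROT_WRITE>)
 13015 firefox  RET   mprotect 0
 13015 firefox  CALL  mprotect(0x2c907b6eb000,0x1000,0x5<PROT_READ|PROT_EXEC>)
 13015 firefox  RET   mprotect 0
 4242 example  CALL  mprotect(0x1000,0x2000,0x7<PROT_READ|PROT_WRITE|PROT_EXEC>)
 4242 example  RET   mprotect -1 errno 13 Permission denied
""".splitlines()
```

Run over the trace quoted above, it reports no combined write+execute request and four RW-to-RX switches on the single page 0x2c907b6eb000.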