New issue 2366: Make PyPy W^X Compatible https://bitbucket.org/pypy/pypy/issues/2366/make-pypy-w-x-compatible
Edd Barrett: W^X is a mitigation technique whereby allocated pages are either writeable or executable, but never both. By working this way it makes it much harder for an attacker who has an existing memory vulnerability (e.g. a buffer overflow or use-after-free) to craft malicious binary code and jump to it. https://en.wikipedia.org/wiki/W%5EX OpenBSD is pushing to make all package software W^X compliant, which includes PyPy. Note however that W^X benefits everyone, not just OpenBSD users. Pax/Linux users would also be able to run PyPy. The overall model in a JIT is something like this: ``` mem = alloc_writable_pages(); write_code(mem); mprotect(mem, PROT_EXEC); ``` Then every time you need to mutate the memory, you have to `mprotect` it writeable again. I have already started work on this, but don't expect it to be ready quickly -- I think it's going to be pretty hard. Thanks Responsible: vext01 _______________________________________________ pypy-issue mailing list pypy-issue@python.org https://mail.python.org/mailman/listinfo/pypy-issue
