Closed
Bug 1361159
Opened 8 years ago
Closed 7 years ago
Enable ProhibitDynamicCode mitgation on Windows
Categories
(Core :: Security, enhancement, P3)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1381050
People
(Reporter: evilpie, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-want)
We should use SetProcessMitigationPolicy with PROCESS_MITIGATION_DYNAMIC_CODE_POLICY set to ProhibitDynamicCode and (sadly) AllowThreadOptOut. This means only threads that opt-in to dynamic code generation can create or modify dynamic code pages. I am currently not sure if we only do this on the main-thread and/or also on the JIT compilation thread.
This might be a good reference:
https://github.com/Microsoft/ChakraCore/blob/aaf454b8c6efeede0b940decfc087f36066ac8e4/lib/Common/Memory/VirtualAllocWrapper.cpp#L486
Updated•8 years ago
|
Blocks: JITHardening
Updated•7 years ago
|
Comment 1•7 years ago
|
||
Actually, even though this one was first, I'm going to dupe it as the other one has a little more information.
You need to log in
before you can comment on or make changes to this bug.
Description
•