Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It seems disingenuous to write an article extolling the benefits of JIT and self-modifying code without mentioning the security concerns of allowing anyone to change executable code.


You don't need to be able to change code to execute arbitrary code --- see return-oriented programming. Besides, NX gives you almost all the same benefits.

Restrictions on code execution strike me more as business controls (and yes, assaults on freedom) than real security measures.


Look at my other response in this thread, ROP isn't trivial these days due to ASLR implementations. Almost always one needs information leak bugs.

The presence of a JIT makes things trivially abusable for the attacker and is a big security risk.


Whitelists can be maintained by the device owner/administrator, instead of the device vendor.


You say "disingenuous", I say "focused". :-)


More disingenuous than somehow confusing policies of vendors with fundamental CPU architectural paradigms?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: