Thanks for the clarification. On Wed, May 10, 2017 at 10:34 PM Ian Lance Taylor <i...@golang.org> wrote:
> On Wed, May 10, 2017 at 12:19 AM, <jan4...@gmail.com> wrote: > > > > Why we can't generate executable memory segments? JIT runtimes just doing > > this I think. > > Generating executable memory segments in a language that supports > converting integers to pointers opens up a wide attack surface in a > buggy program. An attacker who can get any sort of control over the > program can use this capability to write whatever code they like. It > means that any security bug is a full exposure of the entire system. > If the program can not create new executable memory segments then the > attacker is restricted to doing things that the program can already > do, which is very bad but still much less bad than complete exposure > of the entire system. > > This kind of argument does not apply to the JVM, at least not in full > force, because the Java code being executed by the JVM is effectively > living in a separate address space, one provided by the JVM itself. > For Java code to exploit executable memory segments would require > additional security holes in the JVM itself, not just one in the > program being executed. > > Ian > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
