On 2017-01-28, Christian Schulte <c...@schulte.it> wrote:
> On 01/28/17 at 10:04, Alex McWhirter wrote:
>> Java doesn't work with write xor execute and this is the kernel's way of
>> letting you know. Java still runs because the partition is mounted with
>> wxallowed, but the kernel still prints the error to let you know that
>> Java isn't respecting a security feature.
>>
>
> What should the VM do instead? It allocates memory, JIT compiles
> bytecode to machine code and then executes that machine code. Should it
> mprotect the memory after generating the machine code? It would still
> execute code from memory it could write to.

Yes, but that still helps because it can't execute and write the same address space at the same time. http://blog.acumensecurity.net/fpt_wx_ext-1-a-rundown/#comment-11564 may be of interest.