"Уязвимость во FreeType, эксплуатируемая через TTF-шрифт"
Сообщение от Аноним (114), 20-Окт-20, 16:37 
JIT, и все программы которые эту технологию используют не нужны, даже java, firefox, js, ...

В 1960-тых когда деды-математики закладывали основы матмоделей безопасности, установили режимы доступа RWX, и сказали WX одновременно - нельзя категорически. Executable code and read-only data must not be writable

Any areas of the kernel with executable memory must not be writable. While this obviously includes the kernel text itself, we must consider all additional places too: kernel modules, JIT memory, etc. (There are temporary exceptions to this rule to support things like instruction alternatives, breakpoints, kprobes, etc. If these must exist in a kernel, they are implemented in a way where the memory is temporarily made writable during the update, and then returned to the original permissions.)

In support of this are ``CONFIG_STRICT_KERNEL_RWX`` and ``CONFIG_STRICT_MODULE_RWX``, which seek to make sure that code is not writable, data is not executable, and read-only data is neither writable nor executable.

Most architectures have these options on by default and not user selectable. For some architectures like arm that wish to have these be selectable, the architecture Kconfig can select ARCH_OPTIONAL_KERNEL_RWX to enable a Kconfig prompt. ``CONFIG_ARCH_OPTIONAL_KERNEL_RWX_DEFAULT`` determines the default setting when ARCH_OPTIONAL_KERNEL_RWX is enabled.

Уязвимость во FreeType, эксплуатируемая через TTF-шрифт
