When the inevitable ARM Macintosh comes out, do you think Apple will allow W+X pages on it or do you think they'll impose W^X and call it a "security feature"?
A strong implementation prevents dynamic code generation. On Linux, this is provided by SELinux. If a process doesn't have the execmem permission, it can't create W|X mappings or transition mappings that were writable to executable, including not being able to do rw -> r -> rx.
It also has to be applied to files or it can be trivially bypassed via file-based mappings, by mapping the same file as writable and as executable in separate mappings. Writing to the file and mapping it as executable would also work. Strong implementations cover storage too.
Apple also prevents installing applications not signed by them and enforces code signing via their own keys. They enforce that all native code has to be signed by them. Safari has the lone exception. Restrictions on interpreted code are policy restrictions rather than technical.
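
The three cases named in the replies above (a W|X mapping, the rw -> r -> rx transition, and the same file mapped writable and executable) can be checked on a Linux host with a small probe. This is an added example, not code from the thread; the function names and the `/tmp` scratch file are assumptions, and the probe only requests mappings and never executes them.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#define LEN 4096
/* Each probe returns 1 if the kernel allowed the operation, 0 if it
 * refused, -1 if a setup step failed. Nothing mapped here is executed. */

/* Anonymous mapping that is writable and executable at the same time. */
int probe_anon_wx(void) {
    void *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, LEN);
    return 1;
}

/* rw -> r -> rx: memory that was written to later becomes executable. */
int probe_rw_r_rx(void) {
    char *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    p[0] = 0; /* dirty the page so it really was written */
    int ok = mprotect(p, LEN, PROT_READ) == 0 &&
             mprotect(p, LEN, PROT_READ | PROT_EXEC) == 0;
    munmap(p, LEN);
    return ok;
}

/* One file, two mappings: writable in one, executable in the other. */
int probe_file_alias(void) {
    char path[] = "/tmp/wxprobe-XXXXXX"; /* constructed scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, LEN) != 0) { close(fd); return -1; }
    void *w = mmap(NULL, LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *x = mmap(NULL, LEN, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    int ok = (w != MAP_FAILED && x != MAP_FAILED);
    if (w != MAP_FAILED) munmap(w, LEN);
    if (x != MAP_FAILED) munmap(x, LEN);
    close(fd);
    return ok;
}

int main(void) {
    printf("anon W|X: %d\nrw->r->rx: %d\nfile alias: %d\n", probe_anon_wx(), probe_rw_r_rx(), probe_file_alias());
    return 0;
}
```

A result of 1 for any probe means that path to runtime-generated executable memory is open to the calling process; a `noexec` mount on the scratch directory will also make the file probe report 0.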