@RichFelker Sadly, it already exists: the BPF JIT compiler. It has been getting increasingly complex and more difficult to harden too.
-
-
-
@CopperheadSec@RichFelker most of the "extensible OS" ideas from the 90s died for good reasons -
@johnregehr@RichFelker At least it's disabled by default on Linux, unlike some other platforms with this (mis)feature. Still quite scary... -
@johnregehr@RichFelker Correctness is only one aspect though. Either way, the attacker has a great way to generate an executable payload. -
@johnregehr@RichFelker There used to be a good implementation of JIT hardening in@grsecurity to make that much more difficult but not now. -
@johnregehr@RichFelker@grsecurity eBPF made the feature much more complex and scary so earlier work isn't directly applicable anymore.
End of conversation
New conversation -
-
-
@RichFelker@i0n1c As we all know, kernel code automatically runs faster than user space code.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.