Of course, with a memory-safe language, W^X is not a needed mitigation. With runtime compilation, it is, as illustrated here, even in the way.https://twitter.com/TheMichaelBurge/status/978381073506643968 …
-
-
In fact, I'm outraged at the suggestion W^X is of any use here. There's an entry point to EVAL in this process that one can conveniently return into. Chain it up with a call to READ, and bingo, platform independent sploit payload.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.