
Curious what you use that for. My previous exposure for "get task" on Darwin/XNU is it's useful for reading or writing the memory of another process and suspending or resuming its threads, as in writing a debugger.

saagarjha
The app pretends to debug itself, which tricks the kernel into allowing it to flip the permissions of pages between write and execute. To do this it needs the get_task_allow entitlement.
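
The permission flip the comment above describes, shown as an added example that is not from the thread or from any of the apps discussed: an ordinary POSIX W^X JIT on Linux (x86-64 or AArch64 assumed) that writes a page while it is RW, makes it RX to run it, and goes back to RW to patch it, so the page is never writable and executable at once. The mapping, the mprotect calls, the two tiny code sequences and the wx_round_trip name are this example's own. Per the thread, on iOS the RW-to-RX step is the one the kernel only permits once the process looks debugged; a blessed JIT sidesteps the dance with an RWX mapping instead.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

typedef int (*jit_fn)(void);

/* Emit the machine code for "return imm;" into buf. Returns bytes written.
 * Example-only code generator: one instruction sequence per architecture. */
static size_t emit_return_const(uint8_t *buf, int32_t imm) {
#if defined(__x86_64__)
    buf[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &imm, 4);
    buf[5] = 0xC3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    /* movz w0, #imm16 ; ret  (imm limited to 16 bits in this demo) */
    uint32_t words[2] = {
        0x52800000u | (((uint32_t)imm & 0xFFFFu) << 5),
        0xD65F03C0u,
    };
    memcpy(buf, words, sizeof words);
    return sizeof words;
#else
#error "this demo emits x86-64 or AArch64 code only"
#endif
}

/* Flip the page W -> X (readable and executable, no longer writable), then
 * run the code in it. Returns the code's result or -1 if the flip is refused. */
static int make_exec_and_call(uint8_t *page, size_t len) {
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0)
        return -1;
    /* AArch64 has separate I/D caches; on x86 this is a no-op. */
    __builtin___clear_cache((char *)page, (char *)page + len);
    jit_fn fn = (jit_fn)(uintptr_t)page;
    return fn();
}

/*
 * W^X round trip: RW (write "return first") -> RX (run) -> RW (patch to
 * "return second") -> RX (run again). Returns the second result, or a
 * negative code: -1 if mmap/mprotect was refused, -2 if the first run
 * returned the wrong value. Pass non-negative constants so errors stay
 * distinguishable from results.
 */
static int wx_round_trip(int32_t first, int32_t second) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    int rc = -1;
    emit_return_const(page, first);          /* page is RW: write only */
    int r1 = make_exec_and_call(page, len);  /* flip W -> X, execute */
    if (r1 < 0) goto out;
    if (r1 != first) { rc = -2; goto out; }

    /* Flip X -> W before touching the code again; a store while the page
     * is RX would fault. */
    if (mprotect(page, len, PROT_READ | PROT_WRITE) != 0) goto out;
    emit_return_const(page, second);
    rc = make_exec_and_call(page, len);      /* flip W -> X, execute again */
out:
    munmap(page, len);
    return rc;
}

int main(void) {
    printf("second run returned %d\n", wx_round_trip(40, 42));
    return 0;
}
```

Every transition goes through mprotect, which is the call a W^X policy can audit or deny; a process that is allowed to hold an RWX mapping never has to make it, which is what makes the entitlement-gated RWX path both more convenient and harder to police.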
asveikau OP
Ah ok. So everything with a JIT will need this. I think I might even have read that somewhere long ago.

This is a weird thing by the way. It seems to me like you should be able to debug or do VM syscalls against yourself because there is no escalation of privilege. Debugging another process makes much more sense to block. But maybe my opinion is invalid because I also happen to think disallowing jit with kernel permissions is very silly. (Maybe dropping the ability to do this in the style of openbsd's pledge(2) would be appropriate, but only for a process that really wants extra security.)

saagarjha
> So everything with a JIT will need this.

Actual JITs (ones blessed by Apple, not hacks like these) possess the dynamic-codesigning entitlement, and can just make RWX pages.

> But maybe my opinion is invalid because I also happen to think disallowing jit with kernel permissions is very silly.

Your opinion isn't invalid, but it goes against Apple's security model of iOS (namely: apps should not be able to modify themselves).

asveikau OP
> Your opinion isn't invalid, but it goes against Apple's security model of iOS (namely: apps should not be able to modify themselves).

And my position is this is a silly approach, or, maybe is ok but should be opt-in, or perhaps opt-out with third parties being automatically trusted to decide they want to use JIT without hoops.

W^X is good default policy but Apple's policy is unreasonable and paranoid.

swiley
I can’t remember whether it was ish or some JS thing but you can do a kind of JIT without RWX by setting up chains of functions that tail-call each other.

saagarjha
iSH has a threaded interpreter that works like that, yes.

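What "chains of functions that tail-call each other" looks like in practice, as an added example (this is not iSH's code or anything from the thread): a bytecode program is "compiled" into an array of handler pointers, and each handler finishes by calling the handler of the next instruction, so execution hops from function to function through ordinary, already-signed code and no new executable memory is ever produced. That is why it needs neither a W^X flip nor an RWX page. The five-instruction machine, the musttail detection and the sum-1..n program are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ask for a guaranteed tail call where the compiler offers one (clang 13+,
 * GCC 15+). Without it, -O2 normally performs sibling-call optimisation;
 * at -O0 the chain becomes nested calls, which is fine for short programs. */
#if defined(__has_attribute)
#  if __has_attribute(musttail)
#    define TAILCALL __attribute__((musttail))
#  endif
#endif
#ifndef TAILCALL
#  define TAILCALL
#endif

struct insn;
/* Every handler has the same signature so one can tail-call the next.
 * State is passed in registers: pc, an accumulator and a counter n. */
typedef int64_t (*handler_fn)(const struct insn *pc, int64_t acc, int64_t n);
struct insn { handler_fn fn; int64_t arg; };

/* Continue with the following instruction: the "chain" link. */
#define NEXT(pc, acc, n) TAILCALL return (pc)[1].fn((pc) + 1, (acc), (n))

static int64_t op_loadn(const struct insn *pc, int64_t acc, int64_t n) {
    (void)n;
    NEXT(pc, acc, pc->arg);               /* n = imm */
}
static int64_t op_addn(const struct insn *pc, int64_t acc, int64_t n) {
    NEXT(pc, acc + n, n);                 /* acc += n */
}
static int64_t op_decn(const struct insn *pc, int64_t acc, int64_t n) {
    NEXT(pc, acc, n - 1);                 /* n -= 1 */
}
static int64_t op_jnz(const struct insn *pc, int64_t acc, int64_t n) {
    /* arg holds the jump target relative to this instruction. */
    const struct insn *target = n != 0 ? pc + pc->arg : pc + 1;
    TAILCALL return target->fn(target, acc, n);
}
static int64_t op_halt(const struct insn *pc, int64_t acc, int64_t n) {
    (void)pc; (void)n;
    return acc;                           /* end of the chain */
}

enum opcode { LOADN, ADDN, DECN, JNZ, HALT };
struct src_insn { enum opcode op; int64_t arg; };

static const handler_fn dispatch[] = { op_loadn, op_addn, op_decn, op_jnz, op_halt };

/* "Compile": replace each opcode by its handler's address and make JNZ
 * targets relative. Output is data in writable memory, not machine code. */
static void thread_program(const struct src_insn *src, size_t len, struct insn *out) {
    for (size_t i = 0; i < len; i++) {
        out[i].fn = dispatch[src[i].op];
        out[i].arg = src[i].op == JNZ ? src[i].arg - (int64_t)i : src[i].arg;
    }
}

static int64_t run_threaded(const struct insn *prog) {
    return prog[0].fn(prog, 0, 0);        /* enter the chain */
}

/* Sum 1..n with a counted loop; returns 0 for n <= 0. */
static int64_t sum_to(int64_t n) {
    if (n <= 0)
        return 0;
    const struct src_insn src[] = {
        { LOADN, n },   /* 0: n = N          */
        { ADDN,  0 },   /* 1: acc += n       */
        { DECN,  0 },   /* 2: n -= 1         */
        { JNZ,   1 },   /* 3: if n != 0 goto 1 (absolute index) */
        { HALT,  0 },   /* 4: return acc     */
    };
    struct insn prog[sizeof src / sizeof src[0]];
    thread_program(src, sizeof src / sizeof src[0], prog);
    return run_threaded(prog);
}

int main(void) {
    printf("sum_to(100) = %lld\n", (long long)sum_to(100));
    return 0;
}
```

The cost, compared with a real JIT, is one indirect call per bytecode instruction; the benefit is that the only "code" that changes at run time is the table of function pointers, which is plain data the code-signing policy has no reason to care about.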