Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Kernel: Disallow mapping anonymous memory as executable
This adds another layer of defense against introducing new code into a running process. The only permitted way of doing so is by mmapping an open file with PROT_READ | PROT_EXEC. This does make any future JIT implementations slightly more complicated but I think it's a worthwhile trade-off at this point. :^)
- Loading branch information