Open
Bug 1338207
Opened 9 years ago
Updated 1 year ago
Add a test case to verify W^X page protection.
Categories
(Core :: JavaScript Engine: JIT, enhancement, P5)
Tracking
()
NEW
People
(Reporter: nbp, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: triage-deferred)
Bug 1338179 might weaken the W^X page protection mechanism in rare cases.
We can add a non-fuzzer-friendly(*) JS Shell test case, which can be used in an expected-failing test case to double check that W-access is forbidden on the jit-code of a function given as argument.
(*) With extra bonus points if we can make it fuzzer friendly.
Flags: needinfo?(nicolas.b.pierron)
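The check requested in the description, sketched outside the engine as an added example (not code from this bug or from SpiderMonkey): a page is switched to R+X and a write to it must fault. It assumes a POSIX system; `write_faults` is a hypothetical helper, and the anonymous page stands in for the JIT code of a function.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map one page RW, fill it, switch it to `final_prot`, then attempt a
 * write from a forked child so the expected fault cannot kill the caller.
 * Returns 1 if the write faulted, 0 if it succeeded, -1 on setup error. */
int write_faults(int final_prot)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memset(p, 0xC3, (size_t)page);          /* placeholder "code" bytes */

    int result = -1;
    if (mprotect(p, (size_t)page, final_prot) == 0) {
        pid_t pid = fork();
        if (pid == 0) {
            *(volatile unsigned char *)p = 0x90;  /* the forbidden write */
            _exit(0);                             /* reached only if allowed */
        }
        int status;
        if (pid > 0 && waitpid(pid, &status, 0) == pid) {
            if (WIFSIGNALED(status) &&
                (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS))
                result = 1;
            else if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
                result = 0;
        }
    }
    munmap(p, (size_t)page);
    return result;
}

int main(void)
{
    int rx = write_faults(PROT_READ | PROT_EXEC);   /* W^X: must fault */
    int rw = write_faults(PROT_READ | PROT_WRITE);  /* control: must not */
    printf("R+X write faulted: %d, R+W write faulted: %d\n", rx, rw);
    return (rx == 1 && rw == 0) ? 0 : 1;
}
```

The R+W control run distinguishes a real protection fault from a harness that reports a fault for every write.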
Updated•8 years ago
Keywords: triage-deferred
Priority: -- → P3
firejail now has a pref enforcing W^X. Firefox doesn't work when it is active.
Comment 2•6 years ago
(In reply to KOLANICH from comment #1)
> firejail now has a pref enforcing W^X. Firefox doesn't work when it is active.
Is it possible to get a stack trace or something else to help debug this? It could be in another part of the browser.
> Is it possible to get a stack trace or something else to help debug this?
I have not tried, but should be possible. If you mean a crash, the app doesn't, it just hangs.
> It could be in another part of the browser.
It can. I have not checked this. One of the firejail maintainers guesses it may be GTK or Qt. Anyway, if we need FF being W&X-free, all the dependencies should be fixed too.
Updated•6 years ago
Type: defect → enhancement
Flags: needinfo?(nicolas.b.pierron)
Priority: P3 → P5
Updated•3 years ago
Severity: normal → S3
Updated•2 years ago
Blocks: jit-spray-mitigations
Severity: S3 → S4