Closed Bug 1361159 Opened 7 years ago Closed 7 years ago

Enable ProhibitDynamicCode mitgation on Windows

Categories

(Core :: Security, enhancement, P3)

Product:
Core
Component:
Security
Type:
enhancement

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1381050

People

(Reporter: evilpie, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want) 

We should use SetProcessMitigationPolicy with PROCESS_MITIGATION_DYNAMIC_CODE_POLICY set to ProhibitDynamicCode and (sadly) AllowThreadOptOut. This means only threads that opt-in to dynamic code generation can create or modify dynamic code pages. I am currently not sure if we only do this on the main-thread and/or also on the JIT compilation thread.

This might be a good reference:
https://github.com/Microsoft/ChakraCore/blob/aaf454b8c6efeede0b940decfc087f36066ac8e4/lib/Common/Memory/VirtualAllocWrapper.cpp#L486
Severity: normal → enhancement
Keywords: sec-want
Priority: -- → P3
Actually, even though this one was first, I'm going to dupe it as the other one has a little more information.
No longer blocks: 1381050
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.