Leo Meyerovich wrote:
Meant to ask earlier -- for SFI/CFI:
-- How is JIT'd code handled? E.g., the JIT also outputs instrumented code and
we trust whoever ran the JIT?
We have had some work on hardening SpiderMonkey against JIT-spraying
techniques but we have not done anything to try to gene
Meant to ask earlier -- for SFI/CFI:
-- How is JIT'd code handled? E.g., the JIT also outputs instrumented code and
we trust whoever ran the JIT?
-- Are return-to-libc attacks in the threat model or is that too academic? A
seemingly realistic example of return-to-libc would tricking the browser
2 matches
Mail list logo
