Theo De Raadt yana shirin ƙarfafa tsarin kariya na ƙwaƙwalwar ajiya W^X (Rubuta XOR Execute). Ma'anar hanyar ita ce ba za a iya samun damar aiwatar da shafukan ƙwaƙwalwar ajiya lokaci guda don rubutawa da aiwatarwa ba. Don haka, za a iya aiwatar da lambar kawai bayan an kashe rubutu, kuma rubuta zuwa shafin ƙwaƙwalwar ajiya yana yiwuwa ne kawai bayan an kashe kisa. Tsarin W^X yana taimakawa kare aikace-aikacen-sararin mai amfani daga hare-haren wuce gona da iri na yau da kullun, gami da tari mai yawa, kuma yana aiki a cikin OpenBSD .
Tun daga farkon aikin W^X, ya bayyana a fili cewa wannan hanya ce mai tsawo, tun da akwai adadi mai yawa na aikace-aikacen ta amfani da JIT. Ana iya raba aiwatar da JIT zuwa kashi uku:
- Canja ƙwaƙwalwar ajiya tsakanin jihohin W da X, karɓar "farashin" na tsarin kiran .
- Ƙirƙirar laƙabi tsakanin taswirorin W da X na ƙwaƙwalwar ajiya iri ɗaya.
- Mafi yawan zaɓin "datti" yana buƙatar ƙirar ƙwaƙwalwar W|X wanda ke ba da damar yin rikodi da aiwatarwa lokaci guda.
A halin yanzu, akwai ƙarancin shirye-shirye ta amfani da zaɓi na uku da ƙari ta amfani da na farko da na biyu. Koyaya, tunda ya zama dole a gudanar da shirye-shirye tare da W Ana yiwa fayil alama tare da alamar “wxneeded”, kuma aikace-aikacen kansu an kare su ta amfani da dabaru и don iyakance jerin kiran tsarin da aka yi amfani da su da sassan tsarin fayil ɗin da ke akwai ga aikace-aikacen, bi da bi.
Don ƙara dagula amfani da rashin ƙarfi a cikin irin waɗannan aikace-aikacen, ana ba da shawarar ƙari ga tsarin. , wanda ke bincika ko ana aiwatar da kiran tsarin daga shafin ƙwaƙwalwar ajiya da aka rubuta. Idan shafin yana iya rubutawa, ana tilasta tsarin ya ƙare. Ta wannan hanyar, mai hari ba zai iya yin amfani da kiran tsarin ba kuma za a tilasta masa ya yi ƙoƙarin nemo na'urori masu mahimmanci a cikin aiwatar da JIT ko ma yin aiki mafi wahala na gano stubs na tsarin kai tsaye a ciki. .
Ayyukan Chrome/Iridium an riga an kiyaye su ta hanyar dogaro da alƙawari da buɗewa, amma cire ikon amfani da shi, alal misali, kiran tsarin rubutu (2) yana da ɗan fa'ida, tunda yana haifar da ƙarin matsaloli ga maharin. Koyaya, matsaloli kuma na iya tasowa idan aiwatar da JIT yayi amfani da kiran tsarin asali daga ƙwaƙwalwar W|X. Duk da haka, akwai dalilin da za a yi fatan cewa hakan ba zai kasance ba, tun da an canza ABI sau da yawa, amma babu wanda ya taba bayar da rahoton matsaloli.
An riga an sami canje-canje a cikin hotuna na yau da kullun na OpenBSD-Reshen Yanzu, ana gayyatar duk mai sha'awar gwadawa.
Labarai masu alaƙa game da bayyanar yanayin a cikin Chrome/Iridium ya cancanci sharhi daban daga Theo . Daga ra'ayinsa, wannan abin karɓa ne ga wasu samfuran amfani, amma tabbas ba duka ba ne, tunda wannan yanayin zai ƙara ɗaukar nauyi a kan na'urar. A halin yanzu, Chrome zai fi aiki idan kun kashe "wxallowed" don /usr/na gida, kodayake ana iya samun matsaloli tare da wasu kari (fatalwa misali ne). Wata hanya ko wata, Theo yana fatan cewa cikakken aiki a cikin yanayin JITless za a kawo shi cikin cikakken aiki a nan gaba.
source: budenet.ru