Theo De Raadt inoronga kusimbisa iyo W ^ X (Nyora XOR Execute) nzira yekudzivirira ndangariro. Izvo zvakakosha zvechigadziriso ndechekuti mapeji ekurangarira haagone kuwanikwa panguva imwe chete yekunyora nekuita. Nokudaro, kodhi inogona kuitwa chete mushure mokunge kunyora kwavharwa, uye kunyora kune peji yekuyeuka kunogoneka chete mushure mokunge kuurayiwa kwavharwa. Iyo W ^ X nzira inobatsira kuchengetedza mushandisi-nzvimbo zvikumbiro kubva kune zvakajairika buffer mafashama kurwisa, kusanganisira stack mafashama, uye inoshanda muOpenBSD. .
Kubva pakutanga kwebasa paW ^ X, zvaive pachena kuti iyi yaive mugwagwa wakareba, sezvo kwaive nenhamba yakakosha yemashandisirwo ekushandisa JIT. Kuitwa kweJIT kunogona kukamurwa muzvikamu zvitatu:
- Kuchinja ndangariro pakati peW uye X inoti, kubvuma "mutengo" wekufona system .
- Kugadzira aliases pakati peviri yeW uye X mepu yendangariro imwe chete.
- Iyo yakanyanya "tsvina" sarudzo inoda W | X ndangariro modhi inobvumira panguva imwe chete kurekodha uye kuuraya.
Parizvino, kune mapurogiramu mashoma kwazvo anoshandisa sarudzo yechitatu uye akawanda achishandisa yekutanga neyechipiri. Nekudaro, sezvo zvaive zvakafanira kumhanyisa zvirongwa neW | X JIT (kunyanya Chromium neIridum), "wxallowed" filesystem gomo sarudzo yakawedzerwa, iyo yakabvumira ndangariro kuti ishandiswe panguva imwe chete pakunyora uye kuuraya, kana kana iyo ELF inogona kuitwa. faira rakanyorwa ne βwxneededβ marker, uye iwo maapplication acho aichengetedzwawo nekushandisa michina. ΠΈ kudzikamisa runyorwa rwekufona system inoshandiswa uye zvikamu zvefaira system inowanikwa kune application, zvichiteerana.
Kuti uwedzere kuomesa kushandiswa kwekusagadzikana mumashandisirwo akadai, kuwedzera kune iyo michina inokurudzirwa. , iyo inotarisa kana iyo system yekufona iri kuitwa kubva pane inonyorwa ndangariro peji. Kana peji yacho ichinyorwa, maitiro acho anomanikidzwa kugumisa. Nenzira iyi, munhu anorwisa haazokwanisi kushandisa mafoni ehurongwa uye achamanikidzwa kuedza kutsvaga majeti anodiwa mukuita kweJIT, kana kutoita basa rakaoma rekuona system call stubs zvakananga mukati. .
Chrome / Iridium maitiro atove akachengetedzwa zvakavimbika uchishandisa pledge uye kuvheneka, asi kubvisa kugona kushandisa, semuenzaniso, iyo kunyora (2) system yekufona zviri pachena ine imwe mukana, sezvo ichigadzira mamwe matambudziko kune anorwisa. Nekudaro, matambudziko anogonawo kumuka kana iyo JIT yekumisikidza ichishandisa yemuno system mafoni kubva kuW | X ndangariro. Zvisinei, pane chikonzero chekutarisira kuti izvi hazvizove zvakadaro, sezvo ABI yakashandurwa kakawanda, asi hapana akambotaura matambudziko.
Shanduko idzi dzatovepo mune akajairwa snapshots yeOpenBSD-Yazvino bazi, munhu wese anofarira anokokwa kuti aedze.
Nhau dzinoenderana nezve kutaridzika kweiyo modhi muChrome / Iridium inofanirwa nemhinduro yakasiyana kubva kuna Theo . Kubva pakuona kwake, izvi zvinogamuchirwa kune mamwe maitiro ekushandisa, asi zvichida kwete kune vose, sezvo iyi modhi ichave iri pachena kuwedzera mutoro pane processor. Parizvino, Chrome ichanyanya kushanda kana ukadzima "wxallowed" ye/usr/yenzvimbo, kunyangwe panogona kunge paine matambudziko nemamwe ekuwedzera (ghostery muenzaniso). Imwe nzira kana imwe, Theo anotarisira kuti basa rakazara muJITless mode richaunzwa kumamiriro ekushanda zvizere munguva pfupi iri kutevera.
Source: opennet.ru