Theo De Raadt uhlela ukuqinisa indlela yokuvikela inkumbulo ye-W^X (Bhala i-XOR Execute). Ingqikithi yomshini ukuthi amakhasi enkumbulo okucubungula awakwazi ukufinyelelwa ngesikhathi esisodwa ukuze kubhalwe futhi kwenziwe. Ngakho-ke, ikhodi ingenziwa kuphela ngemva kokuba ukubhala kukhutshaziwe, futhi ukubhala ekhasini lememori kungenzeka kuphela ngemva kokuba ukubulawa kukhutshaziwe. Indlela ye-W^X isiza ukuvikela izinhlelo zokusebenza zesikhala somsebenzisi ekuhlaselweni okujwayelekile kwebhafa, okuhlanganisa ukuchichima kwesitaki, futhi iyasebenza ku-OpenBSD. .
Kusukela ekuqaleni komsebenzi ku-W^X, kwacaca ukuthi lona bekuwumgwaqo omude, njengoba bekunenani elikhulu lezicelo ezisebenzisa i-JIT. Ukuqaliswa kwe-JIT kungahlukaniswa ngezigaba ezintathu:
- Ukushintsha inkumbulo phakathi kwe-W kanye ne-X, yamukela "izindleko" zocingo lwesistimu .
- Ukudala iziteketiso phakathi kwepheya ka-W kanye no-X wemephu yememori efanayo.
- Inketho βengcolileβ kakhulu idinga imodeli yenkumbulo ye-W|X evumela ukurekhoda nokusebenza ngasikhathi sinye.
Njengamanje, kunezinhlelo ezimbalwa kakhulu ezisebenzisa inketho yesithathu futhi eziningi zisebenzisa eyokuqala neyesibili. Kodwa-ke, njengoba bekudingeka ukuqhuba izinhlelo nge-W | X JIT (ikakhulukazi i-Chromium ne-Iridum), inketho yokufaka isistimu yefayela "wxallowed", evumela inkumbulo ukuthi isetshenziselwe kanyekanye ukubhala nokwenza, uma kwenzeka i-ELF esebenzisekayo. ifayela limakwe ngomaka "wxneeded", futhi izinhlelo zokusebenza ngokwazo ziphinde zavikelwa kusetshenziswa izindlela ΠΈ ukukhawulela uhlu lwezingcingo zesistimu ezisetshenzisiwe kanye nezingxenye zesistimu yefayela ezitholakalayo kuhlelo lokusebenza, ngokulandelanayo.
Ukuze kuqhutshekwe kube nzima ukuxhashazwa kobungozi ezinhlelweni ezinjalo, kuhlongozwe ukungezwa kwendlela yokusebenza. , ehlola ukuthi ingabe ikholi yesistimu iyenziwa kusuka ekhasini lememori elibhalekayo. Uma ikhasi libhalwa, inqubo iphoqeleka ukuthi inqamule. Ngale ndlela, umhlaseli ngeke akwazi ukuxhaphaza amakholi esistimu futhi uzophoqeleka ukuthi azame ukuthola amagajethi adingekayo ekusetshenzisweni kwe-JIT noma enze umsebenzi onzima kakhulu wokuthola iziqu zekholi zesistimu ngqo ngaphakathi. .
Izinqubo ze-Chrome/Iridium sezivele zivikelwe ngendlela enokwethenjelwa kusetshenziswa isibambiso nokuvezwa, kodwa ukususa ikhono lokusebenzisa, isibonelo, ikholi yesistimu yokubhala(2) ngokusobala inenzuzo ethile, njengoba idala ubunzima obengeziwe kumhlaseli. Nokho, kungase kuphakame ubunzima uma ukuqaliswa kwe-JIT kusebenzisa izingcingo zesistimu zomdabu ezivela kumemori ye-W|X. Kodwa-ke, kunesizathu sokuthemba ukuthi lokhu ngeke kube njalo, njengoba i-ABI ishintshiwe izikhathi eziningana, kodwa akekho owake wabika izinkinga.
Izinguquko sezivele zitholakala kuzifinyezo ezivamile zegatsha le-OpenBSD-Yamanje, wonke umuntu onentshisekelo uyamenywa ukuthi ahlole.
Izindaba ezihlobene mayelana nokuvela kwemodi ku-Chrome/Iridium zifanelwe ukuphawula okuhlukile ku-Theo . Ngokombono wakhe, lokhu kuyamukeleka kwamanye amamodeli okusetshenziswa, kodwa mhlawumbe hhayi kubo bonke, ngoba le modi ngokusobala izokwandisa umthwalo kumprosesa. Okwamanje, i-Chrome izosebenza kakhulu uma ukhubaza okuthi "wxallowed" ku-/usr/local, nakuba kungase kube nezinkinga ngezinye izandiso (i-ghostery iyisibonelo). Ngandlela-thile, u-Theo uthemba ukuthi umsebenzi ogcwele ngokugcwele kumodi ye-JITless uzolethwa esimweni sokusebenza ngokugcwele esikhathini esizayo esiseduze.
Source: opennet.ru