
There are security hazards around writable + executable code. They don't apply to patching before execution (e.g. the install step) since nothing needs to be executed at that point. I don't think the security concerns apply during load time either - what does it matter if the text section is edited before it gets marked read-only & executable? It just means you're running a slightly different program, exactly as if it was edited during install.

In the memcpy case, where the library call is probably in a dynamically linked library anyway, it's particularly trivial to bind to one of N implementations of memcpy at load time. That only patches code if library calls are usually implemented that way.

Patching .text does tend to mess up using the same shared pages across multiple executables though which is a shame, and somewhat argues for install time specialisation.




On certain platforms, it would break code signatures if they are tied to the pages the code is on.


  > On certain platforms, it would break code signatures
macOS?


Yeah, or iOS. Or other platforms that adopt a similar model.



