
A further W^X refinement – OpenBSD - kjeetgill
https://marc.info/?l=openbsd-tech&m=155899373514678&w=2
======
kjeetgill
For the uninitiated: W^X is a feature of memory pages being either writeable xor
executable, so never both. This works for many applications but trips up
applications which JIT, like most Java or JavaScript runtimes.

This is about doing something smarter with those: essentially disabling
syscalls from those JIT pages. It can't stop return-to-libc attacks but it's
something!

Also, if you're not familiar with some fun OpenBSD security tidbits, I
recommend people check out pledge and unveil, which the article references.

