Hacker News new | past | comments | ask | show | jobs | submit login

Hardly "now" - there are ongoing complaints re other JITs, eg LuaJIT, not to mention Javascript...

But on the other hand, non executable heap is a reasonably valid defence against some attack types. And Apple don't care about your convenience...




Non-executable heap is an extremely reasonable default, but not even allowing you to mprotect() a page back to being executable is just annoying.


It actually makes a lot of sense. Preventing pages from being executable makes exploitation so so so much harder... Because you will need to do ROP (Return oriented programming) and Apple is quite good at ASLR (Address space layour randomization).. It also means that malware can't just load external code from a C&C server etc.. And yes, it sucks that all this means that one can't JIT.

Edit: Allowing executable pages would also break mandatory code signing.


You'll have to do ROP to get the app to make your data executable anyway. Is it really that much easier?


> , not to mention Javascript...

JavaScript support has been improved on the upcoming iOS version, even interaction with the Objective-C runtime. Not sure about JIT, though.

If you have an Apple account check the JavaScript sessions from WWDC 2013.


it's apple-approved javascript which does not have the same restrictions as normal stuff.


Yes, but that makes JavaScript one less language to complain about in iOS.


no, because you can't challenge "javascript is slow", since only apple is allowed to JIT it. If they do a bad job, there is noone else to help.


Yes there is, you can always write a native compiler for JavaScript, no one says you need to JIT it.

Lisp, Dylan are just two examples from dynamic languages with native compilers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: