OpenBSD Sponsors Work For Better Browser Security
The OpenBSD Foundation is supporting work to adapt at least one web browser's JIT engine to support OpenBSD's "Write Xor Execute" policy for system memory.
OpenBSD, the BSD distribution generally regarded as being very security-minded, supports a W^X ("write xor execute") memory policy: memory can be marked as writable or as executable, but not both, in order to fend off potential exploits. For those not familiar with OpenBSD's W^X implementation, there's an overview on Wikipedia. However, this policy is only advisory: JIT engines in browsers are among the big offenders, and enforcing it would break their functionality.
As a result, the OpenBSD Foundation has contracted Ted Unangst to begin working on fixing at least one browser's just-in-time engine to support the W^X policy. This project just started so there isn't a whole lot to share right now, but you can learn more via this OpenBSD mailing list post.
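As an added illustration (not code from OpenBSD, from any browser, or from the contracted work), the C sketch below shows one way a JIT code buffer can respect W^X: the pages are mapped read+write while code is emitted, then flipped to read+execute with `mprotect` before use, so they are never writable and executable at once. The `jitbuf` type and the `jit_*` function names are hypothetical.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANON on glibc */
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical JIT code buffer that is never W and X at the same time. */
typedef struct {
    unsigned char *base;  /* start of the mapping */
    size_t cap;           /* mapping size in bytes */
    size_t used;          /* bytes emitted so far */
    int sealed;           /* 1 = R+X (no writes), 0 = R+W (no execute) */
} jitbuf;

/* Map the buffer read+write only; PROT_EXEC is deliberately absent. */
int jit_open(jitbuf *b, size_t cap) {
    void *p = mmap(NULL, cap, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    b->base = p; b->cap = cap; b->used = 0; b->sealed = 0;
    return 0;
}

/* Append generated code; refused while the pages are executable. */
int jit_emit(jitbuf *b, const void *code, size_t n) {
    if (b->sealed || n > b->cap - b->used) return -1;
    memcpy(b->base + b->used, code, n);
    b->used += n;
    return 0;
}

/* Flip W -> X: drop write permission before the code may run. */
int jit_seal(jitbuf *b) {
    if (mprotect(b->base, b->cap, PROT_READ | PROT_EXEC) != 0) return -1;
    b->sealed = 1;
    return 0;
}

/* Flip X -> W so code can be patched; it cannot run in the meantime. */
int jit_unseal(jitbuf *b) {
    if (mprotect(b->base, b->cap, PROT_READ | PROT_WRITE) != 0) return -1;
    b->sealed = 0;
    return 0;
}

/* Release the mapping. */
int jit_close(jitbuf *b) { return munmap(b->base, b->cap); }
```

A JIT that instead requests `PROT_READ | PROT_WRITE | PROT_EXEC` in a single mapping is the pattern an enforced W^X policy would reject.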