
286 points joegibbs | 2 comments
dcow No.42144029
Why not just go all the way and separate the program instruction memory from the data memory, physically? I know there’s an approximation of this at the page level, but why even let the kernel modify its own memory in the first place? Memory unit that only loads signed pages. etc.
replies(3): >>42144066 >>42144559 >>42145502
1. astrange No.42144559
What is this a response to? This already happens though - the kernel can't modify its own code pages. But there are plenty of remaining attacks like overwriting function pointers or other data.
replies(1): >>42156794
2. dcow No.42156794
If you can't modify kernel memory then how do you overwrite function pointers? (I understand how ROP works.) At some level you have to get privileged execution, and doing so would be incredibly difficult if you can't trick the kernel at some point after whatever amount of ROPping you've done.
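The point astrange makes, and the question dcow asks in reply, come down to the difference between code pages and data pages: the kernel's instructions can be mapped read-only, but a function pointer stored in writable data (a device's operations table, for instance) is still data, and a memory-corruption bug that writes to it redirects control flow without touching a single code page. The usual mitigation is to validate the target of an indirect call before making it, which is what kernel control-flow-integrity (CFI) schemes do. The following C program is an added example, not code from the thread or from any kernel: it keeps a handler pointer in a writable struct, guards the indirect call with an allow-list check, and shows the check rejecting a pointer that has been overwritten to point at a function that is not a legitimate handler. All names (`handler_fn`, `device_ops`, `cfi_check`, `dispatch`, the demo functions) and the hand-written allow-list are this example's own assumptions; a real CFI implementation derives its type- or target-sets at compile or link time rather than from a manual table.

```c
/* Added example (not from the HN thread): a function pointer living in
 * writable data, guarded by a simple allow-list check before the indirect
 * call. This is the shape of check that kernel CFI schemes perform; the
 * allow-list here is hand-written for illustration. */
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

/* Two legitimate handlers. */
static int handler_add_one(int x) { return x + 1; }
static int handler_double(int x)  { return x * 2; }

/* A function that exists in the program but is NOT a valid handler target. */
static int not_a_handler(int x) { return -x; }

/* Allow-list of legitimate indirect-call targets (constructed for this
 * example; a real implementation builds it at compile/link time). */
static const handler_fn allowed_targets[] = { handler_add_one, handler_double };
#define N_ALLOWED (sizeof allowed_targets / sizeof allowed_targets[0])

/* This struct lives in writable data. The code pages of the handlers may be
 * read-only, but this pointer is not, which is exactly the "remaining attacks"
 * category astrange refers to. */
struct device_ops {
    handler_fn handle;
};

/* Return 1 if fn is a known, legitimate target; 0 otherwise. */
int cfi_check(handler_fn fn) {
    for (size_t i = 0; i < N_ALLOWED; i++) {
        if (allowed_targets[i] == fn)
            return 1;
    }
    return 0;
}

/* Guarded dispatch: refuse the indirect call if the pointer is not on the
 * allow-list. On rejection, *rejected is set to 1 and -1 is returned
 * (a real kernel would treat this as a fatal integrity failure). */
int dispatch(struct device_ops *ops, int arg, int *rejected) {
    if (!cfi_check(ops->handle)) {
        *rejected = 1;
        return -1;
    }
    *rejected = 0;
    return ops->handle(arg);
}

/* Intact pointer: the check passes and the handler runs. */
int demo_intact(void) {
    struct device_ops ops = { handler_add_one };
    int rejected;
    return dispatch(&ops, 5, &rejected);   /* 6 */
}

/* Simulated corruption: the writable pointer is overwritten (here by plain
 * assignment, standing in for a memory-corruption bug) to point at a
 * function that is not a handler. The check catches it. Returns 1 if the
 * dispatcher rejected the call. */
int demo_corrupted(void) {
    struct device_ops ops = { handler_add_one };
    int rejected;
    ops.handle = not_a_handler;           /* data write, no code page touched */
    dispatch(&ops, 5, &rejected);
    return rejected;
}

int main(void) {
    printf("intact dispatch result: %d\n", demo_intact());
    printf("corrupted pointer rejected: %d\n", demo_corrupted());
    return 0;
}
```

The design choice worth noting is that the protection lives at the call site, not in the memory permissions: read-only code pages answer dcow's original question ("why let the kernel modify its own memory"), but only a check on the pointer's value, or an equivalent such as type-signature tags on call targets, addresses the case where the pointer itself is what gets overwritten.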