[Rpcemu] RPCEmu 0.9.2
lists at maemagel.com
Mon Oct 28 14:06:18 PDT 2019
> On 26 Oct 2019, at 20:42, Theo Markettos <theo at markettos.org.uk> wrote:
> Apple is tightening up the use of code generated at runtime, since code
> injection is a common attack pathway. It's not possible to do it at all on
> iOS, for example. For macOS, it appears you need to pass MAP_JIT to mmap()
> and also have the feature enabled at code signing time:
> I think you also need pages RW or RX - macOS has almost no pages that are
> RWX and I suspect they want to keep it that way.
Interesting, thanks for that.
I *think* I have fixed this, at least on OS X 10.14.6. I found an example of a call to mmap() that I could actually understand and popped it into the method I mentioned previously. It appears to work now, though I'm not using MAP_JIT (if I do, I get an invalid argument error), and I haven't changed code-signing. Perhaps it needs to be different on Catalina - hopefully someone will be able to test this.
A revised patch will follow in the next few days.