W^X support?

Open mcandre opened this issue 6 years ago • 3 comments

Could the CloudABI runtime support an option to enforce W^X, in order to reduce the attack surface further? This would minimize the risk of escaping out of the CloudABI runtime into the host.

mcandre, Feb 11 '19 18:02

Hi there!

CloudABI already enforces W^X, right? At least, that's what both the userspace emulator and the FreeBSD kernel implementation do.

EdSchouten, Feb 11 '19 18:02

https://github.com/NuxiNL/cloudabi/blob/a3ae008b1c0a1f33a3764fff69607afb16d45135/cloudabi.txt#L579-L580

EdSchouten, Feb 11 '19 18:02

@EdSchouten Fascinating! What about macOS? Debian?

mcandre, Mar 02 '19 18:03