-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Apple M Series CPUs & OSX Hardened Runtime #1
Comments
I can setup hardware access or am able to test code for this ticket. |
For reference. The function https://github.com/Reloaded-Project/Reloaded.Memory.Buffers/blob/8d96107b4ddf8e5c5f190278814dcf217597f8b5/src-rust/src/buffers.rs#L142 On x86 this is already the case, and that's also the true for AArch64 on non-macOS, but due to W^X, this isn't possible on macOS M Series. The goal would be getting that function to be atomic. I was thinking of the double |
Up for grabs.
I do not have access to the relevant hardware here to test on Apple Series M chips; and no way to emulate them either.
Motivations
Although this library is
no_std
and already supports ARM64 (aarch64
); some operating systems have security measures in place which make hooking difficult.For example, macOS enforces W^X on Apple hardware; where a region of memory can either only be writable or executable at any time. This is a bit problematic...
Solution
Some fiddling with JIT Entitlement might be necessary to acquire the desired outcome here.
The execute protection appears to function on a per thread basis, as described in the article, so simply calling
pthread_jit_write_protect_np(false)
before the code is written andpthread_jit_write_protect_np(true)
after it is written, should be sufficient.Additional Context
I do not have a way to simulate this hardware or test under hardened runtime.
All current testing of OSX was done in a veeeeeryyyy slowwwwww VM (Intel based macOS), and CI/CD.
To implement this, it might also be necessary to change the allocate perms on the Rust port Reloaded.Memory.Buffers which is the memory buffer provider; current perms allocate as RWX using
mach_vm_allocate
, the behaviour of that is unclear.The text was updated successfully, but these errors were encountered: