Security Mitigations: Difference between revisions
Confirmed to be present on S2 19.0.0+ |
Confirmed to be present in 19.0.0 |
||
| Line 11: | Line 11: | ||
= XOM (eXecute-Only-Memory) = | = XOM (eXecute-Only-Memory) = | ||
Support for --X was initially added with [19.0.0+], however it's only used on S2 | Support for --X was initially added with [19.0.0+], however it's only used on S2. | ||
S2 sysmodules have --X .text, starting with [19.0.0]. | |||
= CFI (Control-Flow-Integrity) = | = CFI (Control-Flow-Integrity) = | ||
Besides the CFI used by [[Internet_Browser|web-applets]], S2 sysmodules use a version of CFI which validate vtable-ptrs (the address of the ptr, without accessing the data located there). PAC is not used with this. An undefined-instruction exception is triggered on CFI failure. | Besides the CFI used by [[Internet_Browser|web-applets]], S2 sysmodules use a version of CFI which validate vtable-ptrs (the address of the ptr, without accessing the data located there). PAC is not used with this. An undefined-instruction exception is triggered on CFI failure. | ||