Security Mitigations

From Nintendo Switch Brew
Revision as of 03:16, 3 November 2025 by Yellows8

ASLR (Address Space Layout Randomization)

ASLR for userspace is supported.

KASLR (kernel) was added with 5.0.0. PASLR (physical) was added with 10.0.0.

RelRo

Support for RelRo (read-only relocations) was added with 17.0.0; binaries built for [17.0.0+] use this.

PAC

[S2] PAC is used for return addresses on the stack.

XOM (eXecute-Only-Memory)

Support for --X was initially added with [19.0.0+]; however, it's only used on S2. It's unknown when S2 started using this.

Sysmodules have --X .text, at least as of system-version 20.x.

CFI (Control-Flow-Integrity)

Besides the CFI used by web-applets, S2 sysmodules seem to use a version of CFI which validates vtable-ptrs (the value of the ptr, without accessing the data located there).