Security Mitigations

From Nintendo Switch Brew
Revision as of 18:28, 7 November 2025 by Yellows8 (talk | contribs)

ASLR (Address Space Layout Randomization)

ASLR for userspace is supported.

KASLR (kernel) was added with 5.0.0. PASLR (physical) was added with 10.0.0.

RelRo

Support for RelRo (read-only relocations) was added with 17.0.0; binaries built for [17.0.0+] use this.

PAC

[S2] PAC is used for return addresses on the stack.

XOM (eXecute-Only-Memory)

Support for --X was initially added with [19.0.0+]; however, it's only used on S2. It's unknown when S2 began using it.

Sysmodules have --X .text, at least as of system-version 20.x.

CFI (Control-Flow-Integrity)

Besides the CFI used by web-applets, S2 sysmodules use a version of CFI which validates vtable pointers (the address of the pointer is checked, without accessing the data located there). PAC is not used with this. An undefined-instruction exception is triggered on CFI failure.

This is present in sysmodules on system-version 20.x; it's unknown whether 19.0.0 has this.
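
As an added illustration (not code from this page or from the system software), the C sketch below shows one common way to validate a vtable pointer by its address alone before a virtual call: the pointer must fall inside a known read-only table and on a slot boundary, and the memory it points at is never read. The single-table layout, all type and function names, and the -1 return in place of a trap are assumptions; the page does not document how the S2 check is implemented.

```c
/* Added illustration: address-only vtable-pointer check (constructed example). */
#include <stdint.h>
#include <stdio.h>

typedef struct shape shape_t;
typedef struct { int (*area)(const shape_t *); int (*perim)(const shape_t *); } vtable_t;
struct shape { const vtable_t *vptr; int w, h; };

static int rect_area(const shape_t *s)  { return s->w * s->h; }
static int rect_perim(const shape_t *s) { return 2 * (s->w + s->h); }
static int sq_area(const shape_t *s)    { return s->w * s->w; }
static int sq_perim(const shape_t *s)   { return 4 * s->w; }

/* Assumption: every legitimate vtable sits in one contiguous read-only table. */
static const vtable_t g_vtables[] = { { rect_area, rect_perim }, { sq_area, sq_perim } };

/* Validate the pointer's address only: inside the table and on a slot boundary.
   The memory it points at is never read. */
static int vptr_is_valid(const void *vptr) {
    uintptr_t off = (uintptr_t)vptr - (uintptr_t)g_vtables; /* wraps if below base */
    return off < sizeof g_vtables && off % sizeof(vtable_t) == 0;
}

/* Checked virtual call. Returns -1 on failure so the result can be observed;
   a hardened build would trap here instead. */
static int checked_area(const shape_t *obj) {
    if (!vptr_is_valid(obj->vptr)) return -1;
    return obj->vptr->area(obj);
}

static int demo_legit(void) {            /* genuine vtable: the call proceeds */
    shape_t r = { &g_vtables[0], 3, 4 };
    return checked_area(&r);
}
static int demo_forged(void) {           /* vtable copy in writable (stack) memory */
    vtable_t fake = { sq_area, sq_perim };
    shape_t r = { &fake, 3, 4 };
    return checked_area(&r);
}
static int demo_mid_slot(void) {         /* inside the table but not on a slot start */
    return vptr_is_valid((const char *)g_vtables + sizeof(void (*)(void)));
}

int main(void) {
    printf("legit=%d forged=%d mid_slot_ok=%d\n", demo_legit(), demo_forged(), demo_mid_slot());
    return 0;
}
```

Because the check never dereferences the candidate pointer, it also works when the pointer targets unmapped or unreadable memory.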