I do not have access to the relevant hardware here to test on Apple M-series chips, and no way to emulate them either.
Motivations
Although this library is no_std and already supports ARM64 (aarch64), some operating systems have security measures in place which make hooking difficult.
For example, macOS enforces W^X on Apple hardware, where a region of memory can only be either writable or executable at any one time. This is a bit problematic...
Solution
Some fiddling with JIT Entitlement might be necessary to acquire the desired outcome here.
The execute protection appears to function on a per-thread basis, as described in the article, so simply calling pthread_jit_write_protect_np(false) before the code is written and pthread_jit_write_protect_np(true) after it is written should be sufficient.
Additional Context
I do not have a way to simulate this hardware or test under hardened runtime.
All current testing of OSX was done in a veeeeeryyyy slowwwwww VM (Intel based macOS), and CI/CD.
To implement this, it might also be necessary to change the allocation permissions in the Rust port of Reloaded.Memory.Buffers, which is the memory buffer provider; it currently allocates as RWX using mach_vm_allocate, and the behaviour of that is unclear.
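The write/execute toggle described in the Solution section, as an added example (not code from this issue, from reloaded-hooks or from Reloaded.Memory.Buffers). It assumes the code region comes from mmap with MAP_JIT rather than from mach_vm_allocate, and on non-Apple hosts it emulates the same W^X discipline with mprotect so the demo also runs on Linux x86_64/aarch64. The macOS branch additionally needs the com.apple.security.cs.allow-jit entitlement under the hardened runtime; the `return 42` stub bytes are constructed for the demo.

```c
/* Added example: W^X-safe code writing. macOS branch uses MAP_JIT plus the
   per-thread pthread_jit_write_protect_np toggle; other hosts emulate it
   with mprotect (RW while writing, RX while executing). */
#define _DEFAULT_SOURCE 1
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#ifdef __APPLE__
#include <pthread.h>            /* pthread_jit_write_protect_np */
#endif

#ifndef MAP_ANONYMOUS           /* BSD/macOS spelling */
#define MAP_ANONYMOUS MAP_ANON
#endif

#define JIT_REGION_SIZE 4096    /* one page is enough for the demo */

typedef int (*ret_int_fn)(void);

/* Constructed machine code for `return 42;` on the two supported targets. */
#if defined(__x86_64__)
static const uint8_t STUB[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                0xC3 };                         /* ret         */
#elif defined(__aarch64__)
static const uint8_t STUB[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                0xC0, 0x03, 0x5F, 0xD6 };       /* ret         */
#else
#define JIT_DEMO_UNSUPPORTED 1
#endif

/* Map a region that may hold generated code. With MAP_JIT the mapping is
   nominally RWX, but the kernel enforces W^X per thread: the calling thread
   sees it as either writable or executable depending on the toggle below. */
static void *jit_alloc(size_t len)
{
#ifdef __APPLE__
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_JIT, -1, 0);
#else
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
#endif
    return p == MAP_FAILED ? NULL : p;
}

/* Make the region writable (and non-executable) for this thread. */
static int jit_begin_write(void *p, size_t len)
{
#ifdef __APPLE__
    (void)p; (void)len;
    pthread_jit_write_protect_np(0);   /* 0 = writes allowed, execution blocked */
    return 0;
#else
    return mprotect(p, len, PROT_READ | PROT_WRITE);
#endif
}

/* Flip back to executable, then invalidate the instruction cache
   (a no-op on x86, required on ARM64 after writing code). */
static int jit_end_write(void *p, size_t len)
{
#ifdef __APPLE__
    pthread_jit_write_protect_np(1);   /* 1 = execution allowed, writes blocked */
#else
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0)
        return -1;
#endif
    __builtin___clear_cache((char *)p, (char *)p + len);
    return 0;
}

/* Copy STUB into a fresh region inside a begin/end pair, run it, and return
   its result (42). Returns -1 on any failure or on an unsupported CPU. */
int run_jit_demo(void)
{
#ifdef JIT_DEMO_UNSUPPORTED
    return -1;
#else
    int result = -1;
    uint8_t *region = jit_alloc(JIT_REGION_SIZE);
    if (region == NULL)
        return -1;

    if (jit_begin_write(region, JIT_REGION_SIZE) == 0) {
        memcpy(region, STUB, sizeof STUB);
        if (jit_end_write(region, JIT_REGION_SIZE) == 0) {
            ret_int_fn fn;
            memcpy(&fn, &region, sizeof fn);   /* object -> function pointer */
            result = fn();
        }
    }
    munmap(region, JIT_REGION_SIZE);
    return result;
#endif
}
```

Two points the hooking library has to get right follow from this: the Apple toggle only affects the calling thread, so every thread that patches code must wrap its own write in the begin/end pair, and the toggle only applies to MAP_JIT mappings, which is why the buffer provider's allocation flags matter.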
On x86 this is already the case, and that's also true for AArch64 on non-macOS, but due to W^X this isn't possible on macOS M-series. The goal would be getting that function to be atomic.
I was thinking of the double mmap trick, where you map a certain page twice with different permissions. Maybe it might work. Needs someone with hardware to find out :p
Up for grabs.