Comment by osy

6 years ago

We’re referring to the ability to remap RX memory as RW without the JIT entitlement which is normally needed to map RWX pages. The author calls it an (ab)use because mapping RWX is prohibited by the system but RW+RX in aliased memory, which effectively achieves the same purpose, is allowed. This ability is what I hope Apple doesn’t patch in a misguided attempt to fix a “security issue” (which I argue it is not).

I would argue that being able to run arbitrary code that I have authorized on my hardware is not a security issue, but Apple clearly disagrees :) I would expect Apple to patch ptrace rather than virtual memory remapping, in this case, since there really is no reason that an application that is not spawned by debugserver "needs" to be able to request PT_TRACE_ME. But since this doesn't really affect most users, maybe they'll let us have some fun for once…