Slide 27
Slide 27 text
Extra topic: Security on dynamic loading
• It creates and compiles files like: "/tmp/_ruby_mjit_p12789u161.c"
• p12789 is PID, u161 is a sequential number, so it can be easily predicted
• MJIT worker should prevent it from being modified by others
• Initial implementation had vulnerability
• nobu fixed it to use: "open(c_file, O_EXCL|O_CREAT, 0600)"
• "O_EXCL|O_CREAT" is needed because an existing file may have
unexpected permission