|
|
|
|
|
|
by tinus_hn
2840 days ago
|
|
|
It doesn’t need privileges to sandbox unprivileged code. It needs special permission to run a JIT because that implies running binary code that was compiled ‘Just In Time’ on the device, so it isn’t signed. Normal processes can only run binary code that was verified to be signed. They can’t write to memory and then mark it as executable. |
|
|