Looking back at my time on the Chakra and OG Edge team, few projects I had the opportunity to work on feel as consequential to my development as an engineer as MemGC (Memory Garbage Collection). In the 2014-16 time period the largest share of security bugs filed against Internet Explorer were Use-After-Frees (UAFs). MemGC was our architectural response: a garbage collector designed not just for performance, but as a hard security boundary. It was good enough that it received praise from Google Project Zero: "MemGC is an example of a useful mitigation that results in a clear positive real-world impact". I do love quoting this 😂.

The Core Idea: Turning UAF into a GC Problem

Before MemGC, we tried mitigations like Isolated Heap (keeping DOM objects on their own heap so a freed object is less likely to be replaced by attacker-controlled data) and Delay Free (holding freed memory back from reuse for a while). They were clever "band-aids" that made exploitation harder but didn't solve the root cause. If a developer forgot to null a pointer after a free(), the door remained open: the stale pointer still referenced memory that the allocator would eventually hand to someone else. MemGC changed the game by bringing the…
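To make the contrast concrete, here is an added toy model (written for this edit, not code from the post or from Chakra/Edge) of a fixed-size slab allocator under the three policies the post contrasts: immediate free, where a dangling pointer aliases the very next allocation; delayed free, which only postpones that reuse by the quarantine depth; and a conservative mark-and-sweep reclaim, where a slot is only released once no root or heap word still points into it, so a "forgotten" pointer keeps its object alive instead of aliasing new data. The slot count, slot size, quarantine depth and root array are all invented for the demo, and the scan is a much simplified stand-in for what a real collector does.

```c
/* Added illustration, not the original post's or Chakra's code.
 * Three reclaim policies for a toy slab of fixed-size slots; all sizes below
 * are made up for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSLOTS 8
#define SLOT_BYTES 32
#define QUARANTINE_DEPTH 2      /* hypothetical "delay free" depth */
#define NROOTS 4                /* stand-in for stack/register roots */

enum policy { FREE_NOW, FREE_DELAYED };

static uint8_t slab[NSLOTS][SLOT_BYTES];
static int in_use[NSLOTS];
static int quarantine[QUARANTINE_DEPTH];
static int qlen;
static uintptr_t roots[NROOTS];

static void reset(void) {
    memset(in_use, 0, sizeof in_use);
    memset(roots, 0, sizeof roots);
    qlen = 0;
}

/* first-fit allocation: a freed slot is reused as soon as it is marked free */
static int alloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; memset(slab[i], 0, SLOT_BYTES); return i; }
    return -1;
}

/* FREE_NOW releases immediately; FREE_DELAYED parks the slot in a small
 * quarantine and only really frees it when it is evicted as the oldest entry */
static void release(int slot, enum policy p) {
    if (p == FREE_NOW) { in_use[slot] = 0; return; }
    if (qlen == QUARANTINE_DEPTH) {
        in_use[quarantine[0]] = 0;
        memmove(quarantine, quarantine + 1, (QUARANTINE_DEPTH - 1) * sizeof quarantine[0]);
        qlen--;
    }
    quarantine[qlen++] = slot;
}

/* How many allocations after releasing slot A until a new object lands on
 * A's address again, i.e. until a stale pointer to A aliases attacker data. */
int allocs_until_reuse(enum policy p) {
    reset();
    int a = alloc();
    release(a, p);                       /* developer frees A, keeps the pointer */
    for (int n = 1; n <= 2 * NSLOTS; n++) {
        int x = alloc();
        if (x == a) return n;
        release(x, p);
    }
    return -1;
}

static int points_into(uintptr_t v, int i) {
    uintptr_t base = (uintptr_t)slab[i];
    return v >= base && v < base + SLOT_BYTES;
}

/* Conservative mark-and-sweep: a slot survives if any root, or any word of a
 * surviving slot, points into it. Returns the number of slots reclaimed. */
int gc_collect(void) {
    int marked[NSLOTS] = {0};
    for (int i = 0; i < NSLOTS; i++)
        for (int r = 0; r < NROOTS; r++)
            if (in_use[i] && points_into(roots[r], i)) marked[i] = 1;
    for (int changed = 1; changed;) {            /* propagate through heap words */
        changed = 0;
        for (int i = 0; i < NSLOTS; i++) {
            if (!marked[i]) continue;
            uintptr_t words[SLOT_BYTES / sizeof(uintptr_t)];
            memcpy(words, slab[i], SLOT_BYTES);
            for (size_t w = 0; w < SLOT_BYTES / sizeof(uintptr_t); w++)
                for (int j = 0; j < NSLOTS; j++)
                    if (in_use[j] && !marked[j] && points_into(words[w], j)) { marked[j] = 1; changed = 1; }
        }
    }
    int reclaimed = 0;
    for (int i = 0; i < NSLOTS; i++)
        if (in_use[i] && !marked[i]) { in_use[i] = 0; reclaimed++; }
    return reclaimed;
}

/* A stale pointer in a root keeps A alive, so the next allocation cannot alias it. */
int gc_prevents_alias(void) {
    reset();
    int a = alloc();
    roots[0] = (uintptr_t)slab[a];       /* "freed" in the developer's mind, still held */
    gc_collect();
    return alloc() != a;
}

/* B is rooted and holds a pointer to A: both survive; drop B's root and both go. */
int gc_collect_with_chain(int drop_root) {
    reset();
    int a = alloc(), b = alloc();
    uintptr_t pa = (uintptr_t)slab[a];
    memcpy(slab[b], &pa, sizeof pa);
    roots[0] = drop_root ? 0 : (uintptr_t)slab[b];
    return gc_collect();
}

int main(void) {
    printf("immediate free: reused after %d alloc(s)\n", allocs_until_reuse(FREE_NOW));
    printf("delayed free:   reused after %d alloc(s)\n", allocs_until_reuse(FREE_DELAYED));
    printf("gc keeps referenced object: %d\n", gc_prevents_alias());
    printf("gc reclaimed with root held: %d, after drop: %d\n",
           gc_collect_with_chain(0), gc_collect_with_chain(1));
    return 0;
}
```

The point of the quarantine run is that it never makes the dangling pointer safe; it only moves the reuse out by QUARANTINE_DEPTH allocations, which an attacker who controls allocation order can simply drain. The collector variant is the only one where a pointer the developer forgot to clear changes the outcome in the defender's favour: the object it refers to stays allocated, so there is nothing new at that address to confuse with it.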