From 5cf052cedf33975a4c4590b3adbc90af1cbb6935 Mon Sep 17 00:00:00 2001 From: Erik Date: Sat, 25 Apr 2026 21:29:16 +0200 Subject: [PATCH] =?UTF-8?q?fix(agent):=20drop=20MemoryDenyWriteExecute=20?= =?UTF-8?q?=E2=80=94=20breaks=20Node.js=20V8=20JIT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Claude Code is a Node app. V8 JIT requires W^X transitions via mprotect with PROT_EXEC on JIT'd code pages. MemoryDenyWriteExecute kills the process with SIGTRAP/abort during startup (~10ms in). Without JIT we'd have to use --jitless mode, which destroys performance. The other systemd hardening (ProtectSystem, ProtectHome, InaccessiblePaths, NoNewPrivileges, capability drop, syscall filter, PrivateTmp, etc.) still gives strong filesystem and privilege isolation. The remaining shellcode-injection risk is theoretical — there is no Bash/Write/Edit tool exposed for an attacker to chain into. Also: MemoryLimit -> MemoryMax (deprecated unit form). --- agent/overlord-agent.service | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/agent/overlord-agent.service b/agent/overlord-agent.service index 2e05529c..4068ee86 100644 --- a/agent/overlord-agent.service +++ b/agent/overlord-agent.service @@ -25,7 +25,7 @@ StandardOutput=journal StandardError=journal # ─── Resource caps ───────────────────────────────────────────────── -MemoryLimit=512M +MemoryMax=512M CPUQuota=200% TasksMax=128 @@ -74,7 +74,12 @@ LockPersonality=true RestrictRealtime=true RestrictSUIDSGID=true RemoveIPC=true -MemoryDenyWriteExecute=true +# MemoryDenyWriteExecute would break Node.js (V8 JIT requires W^X +# transitions via mprotect with PROT_EXEC on JITted code pages). Claude +# Code is a Node app, so omit this. Without JIT we'd lose all model +# performance. The other restrictions still prevent shellcode injection +# in practice (no Bash/Write tools, no shellcraft surface). +# MemoryDenyWriteExecute=true ← DO NOT enable; breaks Node V8 JIT RestrictNamespaces=true # ─── Network family restriction ────────────────────────────────────