Attacking hardened Linux systems with kernel JIT spraying

The "main is usually a function" blog has a
discussion on the use of "Jit spraying" techniques
to attack the
kernel, even when features like supervisor-mode execution prevention are
turned on. "JIT spraying is a viable tactic when we (the attacker)
control the input to a just-in-time compiler. The JIT will write into
executable memory on our behalf, and we have some control over what it
writes. Of course, a JIT compiling untrusted code will be careful with
what instructions it produces. The trick of JIT spraying is that seemingly
innocuous instructions can be trouble when looked at another way."