Subject: Re: HEADS UP: migration to fully dynamic linked "base" system
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: David Laight <david@l8s.co.uk>
List: current-users
Date: 08/27/2002 10:02:14
> Personally I would want my kernel to prevent that if at all possible
> (though yes, at the moment I believe we have an executable stack on some
> platforms, so I guess it can't be quite so protective yet)

There is absolutely nothing to stop a statically linked program
using mmap to get a piece of writable, executable memory.
Code can be written to it and then executed [1].

If you are worried about shared libraries being changed while
a system is active (is this a real problem?), then look at
'registering' valid shared libraries with the kernel before
it is made secure.  The kernel could then keep the vnodes for them
and mark them so they couldn't be written to (text busy?).

Maybe the rtld code could use some of the kernel routines for
mapping elf objects.  After all the code is (almost) permanently
resident anyway.

	David

[1] provided you can flush the D cache and invalidate the I cache.

-- 
David Laight: david@l8s.co.uk