Le 08/08/2018 à 20:13, Ryo Shimizu a écrit :
It would be nice to set SCTLR_EL1.WXN, by the way.Yes, It is easy. But should this be synchronized with security.pax.mprotect.enabled? If so, we need a md-hook in the sysctl helper of pax.mprotect.enable.
Ah, I misunderstood the meaning of SCTLR_EL1; in fact it also controls EL0. So no, we probably can't set SCTLR_EL1.WXN, because it affects userland too and not just the kernel...