Re: PAX mprotect and JIT

[coypu%SDF.ORG@localhost]

On Sun, Feb 26, 2017 at 02:52:39PM +0100, Kamil Rytarowski wrote:
> Can we have something like MAP_NOMPROTECT?  Something like it would be
> used to mmap(2) RWX region:
> 
> void *mapping = mmap(NULL, rounded_size, PROT_READ | PROT_WRITE |
> PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_NOMPROTECT, -1, 0);
> 
> Are doubled mappings more secure than this?
> 

what pax mprotect does is silently turn RWX mapping to RW.