tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PAX mprotect and JIT



On 26.02.2017 15:05, coypu%SDF.ORG@localhost wrote:
> On Sun, Feb 26, 2017 at 02:52:39PM +0100, Kamil Rytarowski wrote:
>> Can we have something like MAP_NOMPROTECT?  Something like it would be
>> used to mmap(2) RWX region:
>>
>> void *mapping = mmap(NULL, rounded_size, PROT_READ | PROT_WRITE |
>> PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_NOMPROTECT, -1, 0);
>>
>> Are doubled mappings more secure than this?
>>
> 
> what pax mprotect does is silently turn RWX mapping to RW.
> 

What's the [security] difference between fooling and disabling mprotect
for a memory region?

Is there a room to add this nomprotect allocator in libutil(3) to make
it convenient to reuse out of libffi?

Attachment: signature.asc
Description: OpenPGP digital signature



Home | Main Index | Thread Index | Old Index