On 26.02.2017 15:05, coypu%SDF.ORG@localhost wrote:
> On Sun, Feb 26, 2017 at 02:52:39PM +0100, Kamil Rytarowski wrote:
>> Can we have something like MAP_NOMPROTECT? Something like it would be
>> used to mmap(2) RWX region:
>>
>> void *mapping = mmap(NULL, rounded_size, PROT_READ | PROT_WRITE |
>> PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_NOMPROTECT, -1, 0);
>>
>> Are doubled mappings more secure than this?
>>
>
> what pax mprotect does is silently turn RWX mapping to RW.
>

What's the [security] difference between fooling and disabling mprotect for a memory region?

Is there room to add this nomprotect allocator in libutil(3) to make it convenient to reuse out of libffi?