Re: PAX mprotect and JIT

To: Kamil Rytarowski <n54%gmx.com@localhost>
Subject: Re: PAX mprotect and JIT
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 26 Feb 2017 16:03:49 +0100

On Sun, Feb 26, 2017 at 02:52:39PM +0100, Kamil Rytarowski wrote:
> It looks difficult to understand on the first sight, the need to
> "reinvent" malloc(3) with this approach.

The point here is to have strict segration between code and non-code. It
doesn't work perfectly due to the additional book keeping pointers, but
pretty well.

> Can we have something like MAP_NOMPROTECT?  Something like it would be
> used to mmap(2) RWX region:
> 
> void *mapping = mmap(NULL, rounded_size, PROT_READ | PROT_WRITE |
> PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_NOMPROTECT, -1, 0);
> 
> Are doubled mappings more secure than this?

Yes, they are. It means you have to at least guess the second location.

Joerg

Follow-Ups:
- Re: PAX mprotect and JIT
  - From: Kamil Rytarowski

References:
- PAX mprotect and JIT
  - From: Joerg Sonnenberger
- Re: PAX mprotect and JIT
  - From: Kamil Rytarowski

Prev by Date: Re: PAX mprotect and JIT
Next by Date: Re: PAX mprotect and JIT
Previous by Thread: Re: PAX mprotect and JIT
Next by Thread: Re: PAX mprotect and JIT
Indexes:

Home | Main Index | Thread Index | Old Index