tech-kern archive
Re: PAX mprotect and JIT
On Sun, Feb 26, 2017 at 03:27:05PM +0100, Kamil Rytarowski wrote:
> On 26.02.2017 15:05, coypu%SDF.ORG@localhost wrote:
> > On Sun, Feb 26, 2017 at 02:52:39PM +0100, Kamil Rytarowski wrote:
> >> Can we have something like MAP_NOMPROTECT? Something like it would be
> >> used to mmap(2) RWX region:
> >>
> >> void *mapping = mmap(NULL, rounded_size, PROT_READ | PROT_WRITE |
> >> PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_NOMPROTECT, -1, 0);
> >>
> >> Are doubled mappings more secure than this?
> >>
> >
> > what pax mprotect does is silently turn RWX mapping to RW.
> >
>
> What's the [security] difference between fooling and disabling mprotect
> for a memory region?
>
> Is there room to add this nomprotect allocator in libutil(3) to make
> it convenient to reuse out of libffi?
>
Just disable it if you want RWX mappings. I don't see the problem.
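
The "doubled mappings" alternative asked about in the quoted text, as an added example that is not part of the original thread: the same memory is mapped twice, once RW for emitting code and once RX for running it, so no mapping is ever requested writable and executable at the same time. It assumes Linux's memfd_create (called through syscall) as the backing object; the struct and function names are hypothetical, and NetBSD's own mechanism is not shown.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

struct dual_map {
    void  *rw;   /* writable view: a JIT would emit code here */
    void  *rx;   /* executable view: code would only be run from here */
    size_t len;
};

/* Map the same anonymous memory twice; neither view is ever W+X. */
int dual_map_create(struct dual_map *dm, size_t len)
{
    /* Assumption: Linux. Raw syscall avoids needing _GNU_SOURCE for the wrapper. */
    int fd = (int)syscall(SYS_memfd_create, "jit-demo", 0);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)len) != 0) {
        close(fd);
        return -1;
    }
    dm->len = len;
    dm->rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    dm->rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);   /* the two mappings keep the memory alive */
    if (dm->rw == MAP_FAILED || dm->rx == MAP_FAILED) {
        if (dm->rw != MAP_FAILED) munmap(dm->rw, len);
        if (dm->rx != MAP_FAILED) munmap(dm->rx, len);
        return -1;
    }
    return 0;
}

/* Returns 1 if bytes written through the RW view are visible through the RX view. */
int dual_map_is_aliased(struct dual_map *dm)
{
    static const unsigned char marker[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed sample bytes, not code */
    memcpy(dm->rw, marker, sizeof marker);
    return dm->rw != dm->rx && memcmp(dm->rx, marker, sizeof marker) == 0;
}

int main(void)
{
    struct dual_map dm;
    if (dual_map_create(&dm, 4096) != 0) { fprintf(stderr, "mapping failed\n"); return 1; }
    printf("rw=%p rx=%p aliased=%d\n", dm.rw, dm.rx, dual_map_is_aliased(&dm));
    return 0;
}
```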