Subject: more on non-executable mappings
To: None <tech-kern@netbsd.org>
From: Chuck Silvers <chuq@chuq.com>
List: tech-kern
Date: 11/28/2003 11:57:21
I'm getting back to looking at the rest of the non-executable mapping work
from openbsd. (well, really this goes beyond that, to what they're calling
"W^X", meaning that any given part of the user address space should not be
both writable and executable.) the remaining items are:
(1) update the kernel ELF code to handle more than 2 PT_LOAD sections.
(2) change the linker to put the PLT, GOT and rodata into their PT_LOAD
sections so that they can have different permissions than the existing
"text" and "data" load sections.
(3) change the runtime linker to use mprotect() to enable write access
to the PLT only when needed, leaving it read-only the rest of the time.
(4) other MD issues with kernel support for non-executable mappings
(a) i386 currently only supports non-execute for the part of the
address space where the traditional unix stack lives. this doesn't
do anything for the data or bss sections, or the heap or mmap()d
files (eg. shared libraries), or pthread stacks.
the openbsd guys rearranged their user address space layout on i386
fairly drastically to put all the executable mappings below
a certain threshold.
(b) powerpc OEA hardware only supports execute permissions at a
segment (256MB) granularity. ideally we would rearrange the
user address space layout here as well to put all the executable
mappings down in segment 0 in the usual case.
the first of these should be non-controversial and I have attached
a patch which implements it. I'll commit it in a week or so if
there are no objections.
as for the other items, I'd like opinions on whether or not we want them,
and if we do, how we might achieve them with the fewest headaches.
-Chuck