Albert Cahalan <[EMAIL PROTECTED]> wrote:
> On 6/19/07, William Lee Irwin III <[EMAIL PROTECTED]> wrote:
>> On Fri, Jun 08, 2007 at 02:35:22AM -0400, Albert Cahalan wrote:

>>> Right now, Linux isn't all that friendly to JIT emulators.
>>> Here are the problems and suggestions to improve the situation.
>>> There is an SE Linux execmem restriction that enforces W^X.
>>> Assuming you don't wish to just disable SE Linux, there are
>>> two ugly ways around the problem. You can mmap a file twice,
>>> or you can abuse SysV shared memory. The mmap method requires
>>> that you know of a filesystem mounted rw,exec where you can
>>> write a very large temporary file. This arbitrary filesystem,
>>> rather than swap space, will be the backing store. The SysV
>>> shared memory method requires an undocumented flag and is
>>> subject to some annoying size limits. Both methods create
>>> objects that will fail to be deleted if the program dies
>>> before marking the objects for deletion.
>>
>> If the policy forbidding self-modifying code lacks a method of
>> exempting programs such as JIT interpreters (which I doubt) then
>> it's a problem. I'm with Alan on this one.
>
> It does and it doesn't. There is not a reasonable way for a
> user to mark an app as needing full self-modifying ability.
> It's not like the executable stack, which can be set via the
> ELF note markings on the executable. (ELF note markings are
> ideal because they can not be used via a ret-to-libc attack)
>
> With admin privs, one can change SE Linux settings. Mark the
> executable, disable the protection system-wide, generate a
> completely new SE Linux policy, or just turn SE Linux off.

According to the documents I found about SELinux, you can also
- create a this-app-needs-selfmodification type
- allow users to change the context type of their files to this type
- configure a domain to allow self-modification
- configure the domain transition

Brave words from someone who did not yet successfully find the magic in
order to install the refpolicy on debilian (after finding their refpolicy-foo
to be incomplete and their refpolicy-src to not compile).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
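
The "mmap a file twice" method from the quoted message, as an added example that is not part of the original thread: one unlinked temporary file is mapped once read-write and once read-execute, so no single mapping is both writable and executable. The helper names, the directory argument and the marker bytes are assumptions; no machine code is generated, the self-test only checks that bytes written through the writable view appear in the executable view.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct dual_map { void *w; void *x; size_t len; };  /* RW view, RX view */

/* Returns 0 on success, -1 on a generic failure, -2 when the executable
   view is refused (for example a noexec mount or a policy denial). */
int dual_map_create(struct dual_map *m, const char *dir, size_t len)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/jitXXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) return -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    /* Unlink at once: the backing file disappears when the mappings go,
       even if the process dies later without cleaning up. */
    unlink(path);
    if (ftruncate(fd, (off_t)len) < 0) { close(fd); return -1; }

    m->w = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (m->w == MAP_FAILED) { close(fd); return -1; }
    m->x = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    int err = errno;
    close(fd);                      /* the mappings keep the file alive */
    if (m->x == MAP_FAILED) {
        munmap(m->w, len);
        return (err == EPERM || err == EACCES) ? -2 : -1;
    }
    m->len = len;
    return 0;
}

void dual_map_destroy(struct dual_map *m) { munmap(m->w, m->len); munmap(m->x, m->len); }

/* Write through the RW view, read the same bytes back through the RX view. */
int dual_map_selftest(const char *dir)
{
    static const unsigned char marker[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed bytes */
    struct dual_map m;
    int rc = dual_map_create(&m, dir, 4096);
    if (rc != 0) return rc;
    memcpy(m.w, marker, sizeof marker);
    rc = (m.w != m.x && memcmp(m.x, marker, sizeof marker) == 0) ? 0 : -1;
    dual_map_destroy(&m);
    return rc;
}
```

A return of -2 from `dual_map_selftest` is the failure mode the quoted message warns about: the chosen directory is not on a filesystem where an executable mapping is permitted.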