Hi, On Tue, Aug 14, 2012 at 09:11:11PM +0200, Ard Biesheuvel wrote: > This patch adds support for the PROT_FINAL flag to > the mmap() and mprotect() syscalls. > > The PROT_FINAL flag indicates that the requested set > of protection bits should be final, i.e., it shall > not be allowed for a subsequent mprotect call to > set protection bits that were not set already. > > This is mainly intended for the dynamic linker, > which sets up the address space on behalf of > dynamic binaries. By using this flag, it can > prevent exploited code from remapping read-only > executable code or data sections read-write. > > Signed-off-by: Ard Biesheuvel <ard.biesheu...@gmail.com>
Reviewed-by: Kees Cook <keesc...@chromium.org> This seems like a good idea to me. It would allow more than just the loader to harden userspace allocations. It's a more direct version of PaX's "MPROTECT" feature[1]. That feature hardens existing loaders, but doesn't play nice with JITs (like Java), but this lets a loader (or JIT) opt-in to the protection and have some direct control over it. It seems like there needs to be a sensible way to detect that this flag is available, though. -Kees [1] http://pax.grsecurity.net/docs/mprotect.txt -- Kees Cook @outflux.net -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
