> This seems like a good idea to me. It would allow more than just the
> loader to harden userspace allocations. It's a more direct version of
> PaX's "MPROTECT" feature[1]. That feature hardens existing loaders,
> but doesn't play nice with JITs (like Java), but this lets a loader
> (or JIT) opt-in to the protection and have some direct control over it.
>

If desired, additional restrictions can be imposed by using the security
framework, e.g., disallow non-final r-x mappings.

> It seems like there needs to be a sensible way to detect that this flag is
> available, though.
>

I am open to suggestions to address this. Our particular implementation of
the loader (on an embedded system) tries to set it on the first mmap
invocation, and stops trying if it fails. Not the most elegant approach, I
know ...

--
Ard.

> -Kees
>
> [1] http://pax.grsecurity.net/docs/mprotect.txt
>
> --
> Kees Cook @outflux.net