* Dave Hansen <d...@sr71.net> wrote:

> > I.e. AFAICS pkeys could be used to create true '--x' permissions for executable
> > (user-space) pages.
>
> Just remember that all of the protections are dependent on the contents of PKRU.
> If an attacker controls the Access-Disable bit in PKRU for the executable-only
> region, you're sunk.

The same is true if the attacker can execute mprotect() calls.

> But, that either requires being able to construct and execute arbitrary code
> *or* call existing code that sets PKRU to the desired values. Which, I guess,
> gets harder to do if all of the wrpkru's are *in* the execute-only area.

Exactly. True --x executable regions make it harder to 'upgrade' limited attacks.

Thanks,

	Ingo
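
The dependency on PKRU discussed in this thread, as an added example that is not part of the original message or of the kernel's code: a small C model of how the x86 PKRU register gates data accesses but not instruction fetches, so a mapping is '--x' only while its key's Access-Disable bit stays set. `struct mapping`, `access_allowed()` and `is_execute_only()` are hypothetical names, and a present, user-accessible page accessed from user mode is assumed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* x86 PKRU layout: 16 keys, two bits each. Bit 2k = Access-Disable (AD),
 * bit 2k+1 = Write-Disable (WD). PKRU gates data accesses only;
 * instruction fetches are never checked against it. */
#define PKRU_AD(k) (1u << (2 * (k)))
#define PKRU_WD(k) (1u << (2 * (k) + 1))

enum access { ACC_READ, ACC_WRITE, ACC_FETCH };

/* Hypothetical model of one user mapping: page-table bits plus its pkey. */
struct mapping { bool pte_write; bool pte_nx; unsigned pkey; };

/* Would this user-mode access succeed under the given PKRU value? */
static bool access_allowed(uint32_t pkru, const struct mapping *m, enum access a)
{
    switch (a) {
    case ACC_FETCH: return !m->pte_nx;                 /* PKRU not consulted */
    case ACC_READ:  return !(pkru & PKRU_AD(m->pkey));
    case ACC_WRITE: return m->pte_write &&
                           !(pkru & (PKRU_AD(m->pkey) | PKRU_WD(m->pkey)));
    }
    return false;
}

/* True '--x': fetch allowed, read and write both denied. */
static bool is_execute_only(uint32_t pkru, const struct mapping *m)
{
    return access_allowed(pkru, m, ACC_FETCH) &&
           !access_allowed(pkru, m, ACC_READ) &&
           !access_allowed(pkru, m, ACC_WRITE);
}

int main(void)
{
    /* Constructed sample: an executable mapping tagged with pkey 1. */
    struct mapping text = { .pte_write = false, .pte_nx = false, .pkey = 1 };
    uint32_t pkru = PKRU_AD(1);             /* key 1: access disabled */
    printf("AD set:     execute-only=%d\n", is_execute_only(pkru, &text));
    pkru &= ~PKRU_AD(1);                    /* AD cleared: the case the thread warns about */
    printf("AD cleared: execute-only=%d readable=%d\n",
           is_execute_only(pkru, &text), access_allowed(pkru, &text, ACC_READ));
    return 0;
}
```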