* Linus Torvalds <torva...@linux-foundation.org> wrote:
> On Thu, Oct 1, 2015 at 6:33 PM, Dave Hansen <d...@sr71.net> wrote:
> >
> > Here it is in a quite fugly form (well, it's not opt-in). Init crashes if
> > I
> > boot with this, though.
> >
> > I'll see if I can turn it in to a bit more of an opt-in and see what's
> > actually going wrong.
>
> It's quite likely that you will find that compilers put read-only constants
> in
> the text section, knowing that executable means readable.
At least with pkeys enabling true --x mappings, that compiler practice becomes
a
(mild) security problem: it provides a readable and executable return target
for
stack/buffer overflow attacks - FWIIW. (It's a limited concern because the true
code areas are executable already.)
I'd expect such readonly data to eventually move out into the regular data
sections, the moment the kernel gives a tool to distros to enforce true
PROT_EXEC
mappings.
> So it's entirely possible that it's pretty much all over.
I'd expect that too.
> That said, I don't understand your patch. Why check PROT_WRITE? We've had
> :"execute but not write" forever. It's "execute and not *read*" that is
> interesting.
Yeah, but almost none of user-space seems to be using it.
> So I wonder if your testing is just bogus. But maybe I'm mis-reading this?
I don't think you are mis-reading it: my (hacky! bad! not signed off!) debug
idea
was to fudge PROT_EXEC|PROT_READ bits into pure PROT_EXEC only - at least to
get
pkeys used in a much more serious fashion than standalone testcases, without
having to change the distro itself.
You are probably right that true data reads from executable sections are very
common, so this might not be a viable technique even for testing purposes.
But worth a try.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
