> Well, it means that leaving VM_READ out of the check (except where the
> hardware PTE has an exec bit) isn't really buying us anything
> security-wise (especially since the primary reason for no-exec protection
> is to avoid code injections via stack overflow, and those pages will
> usually already be present), so it doesn't hurt much to let things keep
> working.
>
> At the least, I'd like it to keep working for a few more kernel releases
> (with a warning printed when a VM_EXEC-only test would have failed), so
> people have time to upgrade glibc.

I agree. Care to send a patch? :-0

Ben.

_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev