Peter Gibbs <[EMAIL PROTECTED]> wrote: > Leopold Toetsch wrote: >> So we need: >> >> 1) a config test/option/whatever (e.g. mallocing some mem, fill in a >> "ret" instruction and call that. >> 2) Some means to allocate executable memory. >> >> Could you please have a look at fedora (kernel) docs?
> There are two ways to flag memory as executable: > 1) A flag to mmap > 2) Calling mprotect after the memory has been allocated Good. > I don't think we need to check whether exec-shield is active, only that > there is an mprotect function with the appropriate attribute constants. Considering the alignment effects[1] and the usage of JITted code for NCI too (where much smaller then page-size chunks are used) I'd prefer to do a config check and 1) allocate aligned memory then and 2) use mprotect only, when necessary. Actuall there is already a test (config/auto/jit/test_c.in) which executes code in data memory. So we don't need much more then adapt this test a bit and add the necessary allocation functions. > Regards > Peter Gibbs > EmKel Systems [1] I don't like to poke holes into this security system, by having unaligned chunks of executable memory around. Thanks for your investigations, leo
