Re: Executing from readable, no-exec pages

2007-07-06 Thread Benjamin Herrenschmidt
> Well, it means that leaving VM_READ out of the check (except where the > hardware PTE has an exec bit) isn't really buying us anything > security-wise (especially since the primary reason for no-exec protection > is to avoid code injections via stack overflow, and those pages will > usually alre

Re: Executing from readable, no-exec pages

2007-07-06 Thread Benjamin Herrenschmidt
On Fri, 2007-07-06 at 10:42 -0400, David Woodhouse wrote: > On Thu, 2007-07-05 at 16:55 -0500, Scott Wood wrote: > > To maintain compatibility with these versions, we could change the test > > in do_page_fault() to include VM_READ as well as VM_EXEC on targets that > > don't have a separate exec-

Re: Executing from readable, no-exec pages

2007-07-06 Thread Scott Wood
On Fri, Jul 06, 2007 at 03:24:20PM +0200, Segher Boessenkool wrote: > >Personally, I'd rather stick the VM_READ in there, partially for > >selfish reasons (our root filesystems are based on older glibcs), > >and because it seems a little too soon to deprecate glibc 2.3, > > Oh I don't know, can't

Re: Executing from readable, no-exec pages

2007-07-06 Thread David Woodhouse
On Thu, 2007-07-05 at 16:55 -0500, Scott Wood wrote: > To maintain compatibility with these versions, we could change the test > in do_page_fault() to include VM_READ as well as VM_EXEC on targets that > don't have a separate exec-bit in hardware (are there any powerpc mmus > that do?). 64-bi

Re: Executing from readable, no-exec pages

2007-07-06 Thread Johannes Berg
On Fri, 2007-07-06 at 15:36 +0200, Segher Boessenkool wrote: > > Umm, are you sure about this? The "prevent data exception in kernel > > space" patch came from a test program I had that attempted to > > execute a > > page with /no permissions/ at all! > > I haven't looked at the code path in de

Re: Executing from readable, no-exec pages

2007-07-06 Thread Segher Boessenkool
>> As revealed by the recent "Prevent data exception in kernel space" >> patch, versions of glibc prior to 2.4[1] assume that, on >> powerpc32, they >> can execute out of any readable mapping, regardless of whether it is >> marked for execution. This happens in the elf_machine_load_address() >>

Re: Executing from readable, no-exec pages

2007-07-06 Thread Segher Boessenkool
> As revealed by the recent "Prevent data exception in kernel > space" patch, versions of glibc prior to 2.4[1] assume that, Are you sure that this hasn't been fixed somewhere in the 2.3 series, too? > on powerpc32, they can execute out of any readable mapping, > regardless of whether it is marke

Re: Executing from readable, no-exec pages

2007-07-06 Thread Johannes Berg
On Thu, 2007-07-05 at 16:55 -0500, Scott Wood wrote: > As revealed by the recent "Prevent data exception in kernel space" > patch, versions of glibc prior to 2.4[1] assume that, on powerpc32, they > can execute out of any readable mapping, regardless of whether it is > marked for execution. Thi

Re: Executing from readable, no-exec pages

2007-07-05 Thread Rodrigo Rubira Branco
On Thu, 2007-07-05 at 16:55 -0500, Scott Wood wrote: > As revealed by the recent "Prevent data exception in kernel space" > patch, versions of glibc prior to 2.4[1] assume that, on powerpc32, they > can execute out of any readable mapping, regardless of whether it is > marked for execution. Thi

Executing from readable, no-exec pages

2007-07-05 Thread Scott Wood
As revealed by the recent "Prevent data exception in kernel space" patch, versions of glibc prior to 2.4[1] assume that, on powerpc32, they can execute out of any readable mapping, regardless of whether it is marked for execution. This happens in the elf_machine_load_address() function. To ma