[Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever
Dave Hansen
dave.hansen at linux.intel.com
Thu Aug 4 14:17:10 UTC 2016
On 08/03/2016 10:32 PM, Kees Cook wrote:
>> > BTW, while not a kernel security feature, I've been asked in the past to enable
>> > execute-only (no read) permissions on arm64 (e.g. mmap(PROT_EXEC)).
>> > I have a simple patch for this, though I'm not 100% sure about user ABI implications.
>> > So far I'm not aware of any user application using PROT_EXEC only and also
>> > expecting PROT_READ.
> x86 is working on this too, and IIRC, they uncovered some "fun" ELF
> corner cases. I've added Dave for some more background...
I haven't been able to find anything in the wild that actually uses
PROT_EXEC by itself. The corner cases I hit were because I took a
PROT_READ|PROT_EXEC mapping and munged it to really be PROT_EXEC only as
an experiment. It blew up pretty spectacularly because of
non-page-aligned ELF sections creating pages that really do contain
instructions _and_ read-only data.
The exec-only support got in 4.6 and does work under qemu today if
anyone wants to give it a try.
More information about the Ksummit-discuss
mailing list