Executing from readable, no-exec pages

Benjamin Herrenschmidt benh at kernel.crashing.org
Sat Jul 7 12:33:32 EST 2007


> Well, it means that leaving VM_READ out of the check (except where the
> hardware PTE has an exec bit) isn't really buying us anything
> security-wise (especially since the primary reason for no-exec protection
> is to avoid code injections via stack overflow, and those pages will
> usually already be present), so it doesn't hurt much to let things keep
> working.
> 
> At the least, I'd like it to keep working for a few more kernel releases
> (with a warning printed when a VM_EXEC-only test would have failed), so
> people have time to upgrade glibc.

I agree. Care to send a patch? :-0

Ben.




