Executing from readablee, no-exec pages
Scott Wood
scottwood at freescale.com
Sat Jul 7 02:49:42 EST 2007
On Fri, Jul 06, 2007 at 03:24:20PM +0200, Segher Boessenkool wrote:
> >Personally, I'd rather stick the VM_READ in there, partially for
> >selfish reasons (our root filesystems are based on older glibcs),
> >and because it seems a little too soon to deprecate glibc 2.3,
>
> Oh I don't know, can't we just deprecate glibc completely? ;-)
I wish. :-)
> >but also because in the absence of hardware support, the VM_EXEC
> >check will be nondeterministic, kicking in only when the first
> >fault for a page is to execute.
>
> I don't think that is a big concern.
Well, it means that leaving VM_READ out of the check (except where the
hardware PTE has an exec bit) isn't really buying us anything
security-wise (especially since the primary reason for no-exec protection
is to avoid code injections via stack overflow, and those pages will
usually already be present), so it doesn't hurt much to let things keep
working.
At the least, I'd like it to keep working for a few more kernel releases
(with a warning printed when a VM_EXEC-only test would have failed), so
people have time to upgrade glibc.
-Scott
More information about the Linuxppc-dev
mailing list