[musl] Powerpc Linux 'scv' system call ABI proposal take 2
Florian Weimer
fw at deneb.enyo.de
Tue Apr 21 19:57:00 AEST 2020
* Szabolcs Nagy:
> * Nicholas Piggin <npiggin at gmail.com> [2020-04-20 12:08:36 +1000]:
>> Excerpts from Rich Felker's message of April 20, 2020 11:29 am:
>> > Also, allowing patching of executable pages is generally frowned upon
>> > these days because W^X is a desirable hardening property.
>>
>> Right, it would want to be write-protected after being patched.
>
> "frowned upon" means that users may have to update
> their security policy setting in pax, selinux, apparmor,
> seccomp bpf filters and who knows what else that may
> monitor and flag W&X mprotect.
>
> libc update can break systems if the new libc does W&X.

It's possible to map over pre-compiled alternative implementations,
though. Basically, we would do the patching at build time and store
the results in the file.

It works best if the variance is concentrated on a few pages, and
there are very few alternatives. For example, having two syscall APIs
and supporting threading and no-threading versions would need four
code versions in total, which is likely excessive.
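
The map-over approach described in the message above, sketched as an added example that is not part of the original message or of any libc. The names `NVARIANTS`, `build_variants` and `select_variant` are hypothetical, a temporary file stands in for the shared object, and the page contents are constructed marker bytes rather than real code.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum { NVARIANTS = 2 };  /* assumed: one pre-built page per variant */

/* Build time (simulated): page v = constructed stand-in code, 'A' + v. */
static int build_variants(size_t pagesz)
{
    char path[] = "/tmp/variantsXXXXXX";
    char *page = malloc(pagesz);
    int fd = page ? mkstemp(path) : -1;
    if (fd >= 0)
        unlink(path);
    for (int v = 0; fd >= 0 && v < NVARIANTS; v++) {
        memset(page, 'A' + v, pagesz);
        if (write(fd, page, pagesz) != (ssize_t)pagesz) {
            close(fd);
            fd = -1;
        }
    }
    free(page);
    return fd;
}

/* Load time: map the chosen variant's file offset over the default page.
 * Nothing is ever writable. Real text would use PROT_READ | PROT_EXEC;
 * PROT_READ keeps the demo runnable on a noexec temp filesystem.
 * Returns the marker byte now visible in the slot, or -1 on error. */
int select_variant(int variant)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int marker = -1, fd = -1;
    if (variant >= 0 && variant < NVARIANTS)
        fd = build_variants(pagesz);
    if (fd < 0)
        return -1;
    char *slot = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE, fd, 0);
    if (slot != MAP_FAILED) {
        if (mmap(slot, pagesz, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd,
                 (off_t)variant * (off_t)pagesz) != MAP_FAILED)
            marker = slot[0];
        munmap(slot, pagesz);
    }
    close(fd);
    return marker;
}

int main(void) { return select_variant(1) == 'B' ? 0 : 1; }
```

Because the replacement is a fresh file-backed mapping rather than an in-place write, a policy that flags writable-and-executable `mprotect` calls has nothing to flag.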