tech-kern archive


Re: PAX mprotect and JIT



On Sun, Feb 26, 2017 at 03:20:17PM +0000, Taylor R Campbell wrote:
> > Date: Sat, 25 Feb 2017 22:35:27 +0100
> > From: Joerg Sonnenberger <joerg%bec.de@localhost>
> > 
> > (1) Implement a new flag for mremap to allow duplicating a mapping
> > (M_REMAPDUP). This patch is functional by itself.
> 
> Can we make this opt-in at mmap time -- that is, require you to have
> specified MAP_REMAPDUP to mmap on a region in order to use it for
> mremap on that region?  That way this introduces no new attack surface
> for mappings that were not intended to be used with it in the first
> place.

I don't think duplicating the mapping by itself creates any new attack
surface. The better question is what the permissions should be. I'd far
prefer that mmap has to request support for executable ahead of time.
That doesn't work too well with the current pax logic though and there
are some general questions of whether the interface is correct. E.g. if
I request RWX for mmap, should we really silently drop the X from the
effective permissions? I think a separate flag to make it RWx is better.
That should address your concern as well.

Joerg

