Security-What can be done in kernel to disable forever executable memory modificaton
valdis.kletnieks at vt.edu
valdis.kletnieks at vt.edu
Sat Jan 12 14:54:09 EST 2019
On Sat, 12 Jan 2019 16:19:00 +0300, Lev Olshvang said:
> The fact that the text segment could be modified is bad news from the
> security standpoint.
We've known that for at least a decade now. Maybe longer. And we
already had this discussion once, about a week ago.
> I am not sure whether it is actually happening, perhaps instead new pages are
> allocated, sort of COW (copy on write).
In which case, you should probably stop and verify if it's happening.
> And here I am getting to the point :
> Is there any way to disable the change of permission bits of PTE? Is it
> possible in the hardware (ARM) or should kernel be patched?
Are you sure you want to disable *all* changes of a PTE?
Hint: Figure out how shared libraries are loaded before you go any further.
More information about the Kernelnewbies
mailing list