Security-What can be done in kernel to disable forever executable memory modificaton

valdis.kletnieks at vt.edu valdis.kletnieks at vt.edu
Sat Jan 12 14:54:09 EST 2019


On Sat, 12 Jan 2019 16:19:00 +0300, Lev Olshvang said:

> The fact that the text segment could be modified is bad news from the
> security standpoint.

We've known that for at least a decade now. Maybe longer. And we
already had this discussion once, about a week ago.

> I am not sure whether it is actually happening, perhaps instead new pages are
> allocated, sort of COW (copy on write).

In which case, you should probably stop and verify if it's happening.

> And here I am getting to the point :

> Is there any way to disable the change of permission bits of PTE? Is it
> possible in the hardware (ARM) or should kernel be patched?

Are you sure you want to disable *all* changes of a PTE?
Hint: Figure out how shared libraries are loaded before you go any further.



More information about the Kernelnewbies mailing list