kernelnewbies.kernelnewbies.org archive mirror
From: Lev Olshvang <levonshe@yandex.com>
To: kernelnewbies <kernelnewbies@kernelnewbies.org>,
	linux-il <linux-il@cs.huji.ac.il>
Subject: Security-What can be done in kernel to disable forever executable memory modification
Date: Sat, 12 Jan 2019 16:19:00 +0300
Message-ID: <589971547299140@myt5-f9d71769b752.qloud-c.yandex.net>

Hi All,



The fact that the text segment could be modified is bad news from the security standpoint.
For example, in order to set a breakpoint, GDB should map a text segment with the MAP_PRIVATE flag, which allows the kernel to ignore the dirty bit that the MMU sets on this page.

Somewhere in the middle of this mapping, perhaps in mprotect, the permission bits of the page's PTE entry are modified as well, from their original RO+X to RWX.
I am not sure whether it is actually happening; perhaps instead new pages are allocated, sort of COW (copy on write).

And here I am getting to the point:

Is there any way to disable the change of permission bits of a PTE? Is it possible in the hardware (ARM) or should the kernel be patched?

Regards to All,

Happy new year.

Lev. 
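
Added example, not part of the original message: a userspace audit of `/proc/<pid>/smaps` text that reports executable mappings that are also writable, and file-backed executable mappings that hold privately copied pages. A write to a page of a MAP_PRIVATE file mapping gives the process its own anonymous copy of that page, which smaps counts under `Anonymous`. The function names, finding labels and the sample input are constructed for illustration.

```python
import re

# Mapping header in /proc/<pid>/smaps: start-end perms offset dev inode [path]
HEADER = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) [0-9a-f]+ \S+ (\d+)\s*(.*)$")
FIELD = re.compile(r"^(\w+):\s+(\d+) kB$")   # e.g. "Anonymous:     4 kB"

# Constructed sample, not captured from a real process.
SAMPLE = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
Size:                  4 kB
Private_Dirty:         4 kB
Anonymous:             4 kB
VmFlags: rd ex mr mw me dw
00600000-00601000 rw-p 00001000 08:01 1234 /usr/bin/demo
Size:                  4 kB
Anonymous:             4 kB
7f0000000000-7f0000001000 rwxp 00000000 00:00 0
Size:                  4 kB
Anonymous:             4 kB
7f0000200000-7f0000300000 r-xp 00000000 08:01 5678 /usr/lib/libdemo.so
Size:               1024 kB
Anonymous:             0 kB
"""

def parse_smaps(text):
    """Return one dict per mapping: range, perms, inode, path, kB counters."""
    mappings = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            mappings.append({"range": f"{m[1]}-{m[2]}", "perms": m[3],
                             "inode": int(m[4]), "path": m[5], "kb": {}})
            continue
        f = FIELD.match(line)
        if f and mappings:
            mappings[-1]["kb"][f[1]] = int(f[2])
    return mappings

def audit(text):
    """Flag executable mappings that are writable or hold privately copied pages."""
    findings = []
    for mp in parse_smaps(text):
        if "x" not in mp["perms"]:
            continue
        if "w" in mp["perms"]:
            findings.append(("W+X", mp["range"], mp["path"]))
        # File-backed (inode != 0) yet holding anonymous pages: some page of
        # the private mapping was written and replaced by a copy (COW).
        if mp["inode"] and mp["kb"].get("Anonymous", 0) > 0:
            findings.append(("COW-TEXT", mp["range"], mp["path"]))
    return findings
```

To audit a live process, pass the contents of `/proc/<pid>/smaps` to `audit()`. Text relocations and JIT compilers also produce these findings, so treat them as leads to investigate.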