Kernel Newbies archive on lore.kernel.org
* Security-What can be done in kernel to disable forever executable memory modification
From: Lev Olshvang @ 2019-01-12 13:19 UTC
  To: kernelnewbies, linux-il

Hi All,



The fact that the text segment could be modified is bad news from the security standpoint.
For example, in order to set a breakpoint GDB should map a text segment with the MAP_PRIVATE flag, which allows the kernel to ignore the dirty bit that the MMU sets on this page.

Somewhere in the middle of this mapping, perhaps in mprotect, the permission bits of the page's PTE entry are modified as well, from their original RO+X to RWX.
I am not sure whether it is actually happening, perhaps instead new pages are allocated, sort of COW (copy on write).

And here I am getting to the point:

Is there any way to disable the change of permission bits of PTE? Is it possible in the hardware (ARM) or should kernel be patched?

Regards to All,

Happy new year.

Lev. 


_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


* Re: Security-What can be done in kernel to disable forever executable memory modification
From: valdis.kletnieks @ 2019-01-12 19:54 UTC
  To: Lev Olshvang; +Cc: linux-il, kernelnewbies

On Sat, 12 Jan 2019 16:19:00 +0300, Lev Olshvang said:

> The fact that the text segment could be modified is bad news from the
> security standpoint.

We've known that for at least a decade now. Maybe longer. And we
already had this discussion once, about a week ago.

> I am not sure whether it is actually happening, perhaps instead new pages are
> allocated, sort of COW (copy on write).

In which case, you should probably stop and verify if it's happening.

> And here I am getting to the point:

> Is there any way to disable the change of permission bits of PTE? Is it
> possible in the hardware (ARM) or should kernel be patched?

Are you sure you want to disable *all* changes of a PTE?
Hint: Figure out how shared libraries are loaded before you go any further.
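
One way to run the check suggested in the reply above, as an added example that is not part of either message. The temporary file and its 0x90 fill are constructed stand-ins for a page of program text, and the name `cow_check` is hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Observations returned as a bitmask; 7 means all three held. */
enum { FILE_UNCHANGED = 1, PRIVATE_COPY_CHANGED = 2, SHARED_WRITE_REFUSED = 4 };

int cow_check(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX"; /* constructed stand-in for a text page */
    unsigned char page[4096], on_disk = 0;
    int result = 0, wfd = mkstemp(path);
    if (wfd < 0) return -1;
    memset(page, 0x90, sizeof page);
    ssize_t n = write(wfd, page, sizeof page);
    close(wfd);
    int fd = open(path, O_RDONLY); /* read-only, like an executable being loaded */
    unlink(path);
    if (n != (ssize_t)sizeof page || fd < 0) return -1;

    /* PROT_EXEC is omitted so this also runs where /tmp is mounted noexec. */
    unsigned char *priv = mmap(NULL, sizeof page, PROT_READ, MAP_PRIVATE, fd, 0);
    unsigned char *shared = mmap(NULL, sizeof page, PROT_READ, MAP_SHARED, fd, 0);
    if (priv == MAP_FAILED || shared == MAP_FAILED) return -1;

    /* Make the private mapping writable and patch one byte, as a breakpoint would. */
    if (mprotect(priv, sizeof page, PROT_READ | PROT_WRITE) != 0) return -1;
    priv[0] = 0xCC;

    /* The write hit a private copy: the file and the shared view still hold 0x90. */
    if (pread(fd, &on_disk, 1, 0) == 1 && on_disk == 0x90 && shared[0] == 0x90)
        result |= FILE_UNCHANGED;
    if (priv[0] == 0xCC)
        result |= PRIVATE_COPY_CHANGED;
    /* A shared mapping of a read-only descriptor cannot be upgraded to writable. */
    if (mprotect(shared, sizeof page, PROT_READ | PROT_WRITE) == -1 && errno == EACCES)
        result |= SHARED_WRITE_REFUSED;

    munmap(priv, sizeof page); munmap(shared, sizeof page);
    close(fd);
    return result;
}

int main(void) { printf("observations = %d (7 = all held)\n", cow_check()); return 0; }
```

A result of 7 means the modified bytes exist only in this process's private copy, while the backing file and every other mapping of it are unchanged.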

