linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Bodo Eggert <7eggert@gmx.de>
To: Albert Cahalan <acahalan@gmail.com>,
	William Lee Irwin III <wli@holomorphy.com>,
	linux-kernel@vger.kernel.org
Subject: Re: JIT emulator needs
Date: Thu, 21 Jun 2007 13:08:36 +0200	[thread overview]
Message-ID: <E1I1KWi-0000nV-8s@be1.lrz> (raw)
In-Reply-To: 8xYTM-3So-13@gated-at.bofh.it

Albert Cahalan <acahalan@gmail.com> wrote:
> On 6/19/07, William Lee Irwin III <wli@holomorphy.com> wrote:
>> On Fri, Jun 08, 2007 at 02:35:22AM -0400, Albert Cahalan wrote:

>>> Right now, Linux isn't all that friendly to JIT emulators.
>>> Here are the problems and suggestions to improve the situation.
>>> There is an SE Linux execmem restriction that enforces W^X.
>>> Assuming you don't wish to just disable SE Linux, there are
>>> two ugly ways around the problem. You can mmap a file twice,
>>> or you can abuse SysV shared memory. The mmap method requires
>>> that you know of a filesystem mounted rw,exec where you can
>>> write a very large temporary file. This arbitrary filesystem,
>>> rather than swap space, will be the backing store. The SysV
>>> shared memory method requires an undocumented flag and is
>>> subject to some annoying size limits. Both methods create
>>> objects that will fail to be deleted if the program dies
>>> before marking the objects for deletion.
>>
>> If the policy forbidding self-modifying code lacks a method of
>> exempting programs such as JIT interpreters (which I doubt) then
>> it's a problem. I'm with Alan on this one.
> 
> It does and it doesn't. There is not a reasonable way for a
> user to mark an app as needing full self-modifying ability.
> It's not like the executable stack, which can be set via the
> ELF note markings on the executable. (ELF note markings are
> ideal because they can not be used via a ret-to-libc attack)
> 
> With admin privs, one can change SE Linux settings. Mark the
> executable, disable the protection system-wide, generate a
> completely new SE Linux policy, or just turn SE Linux off.

According to the documents I found about SELinux, you can also
 - create a this-app-needs-selfmodification type
 - allow users to change the context type of their files to this type
 - configure a domain to allow self-modification
 - configure the domain transition

Brave words from someone who did not yet successfully find the magic in
order to install the refpolicy on debilian (after finding their refpolicy-foo
to be incomplete and their refpolicy-src to not compile).
-- 
Why do women have smaller feet than men?
It's one of those "evolutionary things" that allows them to stand
closer to the kitchen sink.
Friß, Spammer: Jy@jRwxq.7eggert.dyndns.org d-afnhbe@p9J.7eggert.dyndns.org

       reply	other threads:[~2007-06-21 11:08 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <8tGiE-2Hv-1@gated-at.bofh.it>
     [not found] ` <8xNvm-2Tw-29@gated-at.bofh.it>
     [not found]   ` <8xYTM-3So-13@gated-at.bofh.it>
2007-06-21 11:08     ` Bodo Eggert [this message]
2007-06-08  6:35 JIT emulator needs Albert Cahalan
2007-06-08  7:09 ` Eric Dumazet
2007-06-09  4:12   ` Albert Cahalan
2007-06-08 11:10 ` Alan Cox
2007-06-08 16:35   ` Nicholas Miell
2007-06-09  5:17   ` Albert Cahalan
2007-06-09 20:00 ` H. Peter Anvin
2007-06-19 15:08 ` William Lee Irwin III
2007-06-20  3:16   ` Albert Cahalan
2007-06-20 16:01     ` William Lee Irwin III
2007-06-20 16:37       ` H. Peter Anvin
2007-06-20 17:54         ` William Lee Irwin III
2007-06-20 18:23           ` H. Peter Anvin
2007-06-20 18:25         ` Albert Cahalan
2007-06-20 18:51           ` H. Peter Anvin
2007-06-21  3:21             ` Albert Cahalan
2007-06-21  3:32               ` H. Peter Anvin
2007-06-21  7:38                 ` Albert Cahalan
2007-06-20 18:43       ` Albert Cahalan
2007-06-23  3:52   ` Kyle Moffett
2007-06-24  4:14     ` William Lee Irwin III
2007-06-21 17:44 ` Arjan van de Ven
2007-06-22  5:56   ` Albert Cahalan
2007-06-22 13:43     ` Arjan van de Ven
2007-06-22 14:32       ` Albert Cahalan
2007-06-22 14:42         ` Arjan van de Ven
2007-06-23  2:30           ` Albert Cahalan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E1I1KWi-0000nV-8s@be1.lrz \
    --to=7eggert@gmx.de \
    --cc=acahalan@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=wli@holomorphy.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).