Should mprotect(..., PROT_EXEC) be checked by IMA?

Igor Zhbanov i.zhbanov at omprussia.ru
Wed Apr 3 09:59:24 UTC 2019


On 03.04.2019 1:31, Matthew Garrett wrote:
> On Fri, Mar 29, 2019 at 5:50 AM Igor Zhbanov <i.zhbanov at omprussia.ru> wrote:
>> I want to be sure that no unsigned code page could be executed. So
>> exploits could only be of ROP kind and not being able to download
>> any extra code from their servers. That's why I found that
>> disabling of anonymous executable pages could be useful for that
>> (as well as disabling of making executable pages writable to modify
>> already mapped code). In conjunction with IMA it should guarantee
>> that no untrusted code could be executed.
> 
> Remember that many interpreted languages allow execution of code
> provided to them on the command line (eg, python -c) and also grant
> access to arbitrary syscalls, so there's still no guarantee that
> you're only executing trusted code.

Yes. But in some installations you can get rid of interpreters altogether or
limit the number of scripts they can open. For example, you can require that
all scripts be signed.

And with this feature being per-process, you could still limit the attack
surface by restricting e.g. network services, as they are constantly attacked.

So are you saying that this feature isn't worth making?
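
An added example, not part of the original message or of any kernel patch: a small C audit that reads /proc/<pid>/maps and reports the two kinds of mapping the proposal quoted above would forbid, anonymous executable pages and pages that are writable and executable at once. The function names and the choice to skip the kernel-supplied [vdso] and [vsyscall] regions are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define ANON_EXEC  1 /* executable mapping with no backing file */
#define WRITE_EXEC 2 /* mapping writable and executable at the same time */

/* Classify one line in /proc/<pid>/maps format:
 *   start-end perms offset dev inode [pathname]
 * Returns a bitmask of ANON_EXEC/WRITE_EXEC, 0 if neither, -1 if unparsable. */
int classify_map_line(const char *line)
{
    unsigned long start, end, offset, inode;
    char perms[5], dev[16], path[256] = "";
    int flags = 0;
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %255[^\n]",
                   &start, &end, perms, &offset, dev, &inode, path);
    if (n < 6 || strlen(perms) != 4)
        return -1;
    if (perms[2] != 'x')
        return 0;                 /* not executable: out of scope here */
    if (perms[1] == 'w')
        flags |= WRITE_EXEC;
    /* inode 0: no file backs the mapping, so there is no file signature
     * to check. Kernel-provided pseudo-regions are skipped (assumption). */
    if (inode == 0 && strcmp(path, "[vdso]") && strcmp(path, "[vsyscall]"))
        flags |= ANON_EXEC;
    return flags;
}

/* Print and count the flagged mappings of one process; -1 if unreadable. */
int audit_maps(const char *maps_path)
{
    FILE *f = fopen(maps_path, "r");
    char line[512];
    int hits = 0;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        int r = classify_map_line(line);
        if (r > 0) {
            hits++;
            printf("%s%s%s", (r & ANON_EXEC) ? "anon-exec " : "",
                   (r & WRITE_EXEC) ? "w+x " : "", line);
        }
    }
    fclose(f);
    return hits;
}

int main(int argc, char **argv)
{ return audit_maps(argc > 1 ? argv[1] : "/proc/self/maps") < 0; }
```

Run against a network service's PID (for example /proc/1234/maps) to see which mappings a per-process restriction of this kind would have to refuse; JIT-based runtimes typically show up here.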


