[PATCH bpf-next] bpf: Make trampolines W^X
Peter Zijlstra
peterz at infradead.org
Tue Jan 7 09:11:32 UTC 2020
On Mon, Jan 06, 2020 at 02:13:18PM -0800, Alexei Starovoitov wrote:
> On Sun, Jan 05, 2020 at 10:33:54AM +0900, Andy Lutomirski wrote:
> >
> > >> On Jan 4, 2020, at 8:03 PM, Justin Capella <justincapella at gmail.com> wrote:
> > >
> > > I'm rather ignorant about this topic but it would make sense to check prior to making executable from a security standpoint wouldn't it? (In support of the (set_memory_ro + set_memory_x)
> > >
> >
> > Maybe, depends if it’s structured in a way that’s actually helpful from a security perspective.
> >
> > It doesn’t help that set_memory_x and friends are not optimized at all. These functions are very, very, very slow and adversely affect all CPUs.
>
> That was one of the reason it wasn't done in the first.
> Also ftrace trampoline break w^x as well.
Didn't I fix that?
More information about the Linux-security-module-archive
mailing list