On 09.05.2019 18:39, Richard Henderson wrote:
> On 5/8/19 11:47 PM, Gerd Hoffmann wrote:
>> So, from looking at the patch it seems you need two mappings of the same
>> page, one writable and one executable.
>>
>> Or, maybe it is also possible with one mapping which is writable first
>> when you fill it with code, then gets flipped over to executable when
>> you are done with the initialization and want to use it.
>>
>> Is that correct?
>
> That's certainly the way I read that patch.
>
>> I suspect supporting that in tcg isn't exactly trivial.
>
> It shouldn't be too hard, if required. All of the writing to the buffer is
> isolated to a couple of inline functions.
>
> I do wonder if using paxctl -m as a part of the build process for affected
> *BSD isn't just as easy?
>

paxctl(8) is available only for NetBSD. paxctl(8) is the last resort solution
and shall be avoided due to a security risk. Only a few exceptions shall be
allowed to switch mapping protection or request RWX mappings (mainly JIT and a
process running under a debugger).

>
> r~
>