On Sat, Feb 25, 2017 at 10:35:27PM +0100, Joerg Sonnenberger wrote:
> I've attached three patches to this mail:
> (1) Implement a new flag for mremap to allow duplicating a mapping
> (M_REMAPDUP). This patch is functional by itself.

I like this part.

> (2) A hack to allow mprotect to switch between W and X, but still
> honoring W^X. This is a hack and needs to be carefully rethought,
> since I believe the way pax is currently implemented is wrong. Consider
> it a PoC.

Wouldn't it be better to create a variant of mremap() that allows
specifying the new protection flags and only allow a W^X toggle in the
M_REMAPDUP case? It is not a big improvement, but feels slightly harder
to exploit.

> I find the availability of two separate mappings quite an acceptable
> compromise.

Indeed.

Martin