On Sun, Feb 26, 2017 at 10:30:05AM +0100, Martin Husemann wrote: > > (2) A hack for allow mprotect to switch between W and X, but still > > honoring W^X. This is a hack and needs to be carefully rethought, > > since I believe the way pax is currently implemented is wrong. Consider > > it a PoC. > > Wouldn't it be better to create a variant of mremap() that allows > specifying the new protection flags and only allow a W^X toggle in > the M_REMAPDUP case?
The mremap() dance is only desirable for multi-threaded JIT. If you compile a module at a time before making it visible, just a plain mprotect is enough. Joerg