Re: [PATCH 26/26] x86, pkeys: Documentation
From: Ingo Molnar
Date: Fri Sep 25 2015 - 02:16:00 EST
* Dave Hansen <dave@xxxxxxxx> wrote:
> > I.e. AFAICS pkeys could be used to create true '--x' permissions for executable
> > (user-space) pages.
> Just remember that all of the protections are dependent on the contents of PKRU.
> If an attacker controls the Access-Disable bit in PKRU for the executable-only
> region, you're sunk.
The same is true if the attacker can execute mprotect() calls.
> But, that either requires being able to construct and execute arbitrary code
> *or* call existing code that sets PKRU to the desired values. Which, I guess,
> gets harder to do if all of the the wrpkru's are *in* the execute-only area.
Exactly. True --x executable regions makes it harder to 'upgrade' limited attacks.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/