Re: [PATCH 26/26] x86, pkeys: Documentation

From: Ingo Molnar
Date: Fri Sep 25 2015 - 02:16:00 EST

* Dave Hansen <dave@xxxxxxxx> wrote:

> > I.e. AFAICS pkeys could be used to create true '--x' permissions for executable
> > (user-space) pages.
> Just remember that all of the protections are dependent on the contents of PKRU.
> If an attacker controls the Access-Disable bit in PKRU for the executable-only
> region, you're sunk.

The same is true if the attacker can execute mprotect() calls.

> But, that either requires being able to construct and execute arbitrary code
> *or* call existing code that sets PKRU to the desired values. Which, I guess,
> gets harder to do if all of the the wrpkru's are *in* the execute-only area.

Exactly. True --x executable regions makes it harder to 'upgrade' limited attacks.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at