Re: [PATCH v2] module: Harden STRICT_MODULE_RWX

From: Ard Biesheuvel
Date: Thu Aug 13 2020 - 04:36:19 EST

Next message: Yu-Hsuan Hsu: "Re: [PATCH v3 2/2] ASoC: Intel: Add period size constraint on strago board"
Previous message: Oleksandr Andrushchenko: "Re: [PATCH v2 0/5] Fixes and improvements for Xen pvdrm"
In reply to: Peter Zijlstra: "Re: [PATCH v2] module: Harden STRICT_MODULE_RWX"
Next in thread: Jessica Yu: "Re: [PATCH v2] module: Harden STRICT_MODULE_RWX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 12 Aug 2020 at 22:00, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> On Wed, Aug 12, 2020 at 06:37:57PM +0200, Ard Biesheuvel wrote:
> > I know there is little we can do at this point, apart from ignoring
> > the permissions - perhaps we should just defer the w^x check until
> > after calling module_frob_arch_sections()?
>
> My earlier suggestion was to ignore it for 0-sized sections.

Only they are 1 byte sections in this case.

We override the sh_type and sh_flags explicitly for these sections at
module load time, so deferring the check seems like a reasonable
alternative to me.

Next message: Yu-Hsuan Hsu: "Re: [PATCH v3 2/2] ASoC: Intel: Add period size constraint on strago board"
Previous message: Oleksandr Andrushchenko: "Re: [PATCH v2 0/5] Fixes and improvements for Xen pvdrm"
In reply to: Peter Zijlstra: "Re: [PATCH v2] module: Harden STRICT_MODULE_RWX"
Next in thread: Jessica Yu: "Re: [PATCH v2] module: Harden STRICT_MODULE_RWX"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]