Re: [PATCH 26/26] x86, pkeys: Documentation

From: Ingo Molnar
Date: Fri Sep 25 2015 - 02:16:00 EST

Next message: David Howells: "Re: Linux 4.3-rc1 build error on CentOS 5.11 "scripts/sign-file.c:23:25: fatal error: openssl/cms.h: No such file or directory""
Previous message: Namhyung Kim: "Re: [PATCH/RFC] perf buildid: Cache kernel DSO created when reading buildid header table"
In reply to: Ingo Molnar: "Re: [PATCH 26/26] x86, pkeys: Documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Dave Hansen <dave@xxxxxxxx> wrote:

> > I.e. AFAICS pkeys could be used to create true '--x' permissions for executable
> > (user-space) pages.
>
> Just remember that all of the protections are dependent on the contents of PKRU.
> If an attacker controls the Access-Disable bit in PKRU for the executable-only
> region, you're sunk.

The same is true if the attacker can execute mprotect() calls.

> But, that either requires being able to construct and execute arbitrary code
> *or* call existing code that sets PKRU to the desired values. Which, I guess,
> gets harder to do if all of the the wrpkru's are *in* the execute-only area.

Exactly. True --x executable regions makes it harder to 'upgrade' limited attacks.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Howells: "Re: Linux 4.3-rc1 build error on CentOS 5.11 "scripts/sign-file.c:23:25: fatal error: openssl/cms.h: No such file or directory""
Previous message: Namhyung Kim: "Re: [PATCH/RFC] perf buildid: Cache kernel DSO created when reading buildid header table"
In reply to: Ingo Molnar: "Re: [PATCH 26/26] x86, pkeys: Documentation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]