kernel-hardening - Re: [PATCH] arm64: mm: Mark .rodata as RO

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 16 Feb 2016 10:48:31 -0800
From: Laura Abbott <laura@...bott.name>
To: Kees Cook <keescook@...omium.org>, Mark Rutland <mark.rutland@....com>
Cc: Jeremy Linton <jeremy.linton@....com>,
 "linux-arm-kernel@...ts.infradead.org"
 <linux-arm-kernel@...ts.infradead.org>,
 Ard Biesheuvel <ard.biesheuvel@...aro.org>,
 "Suzuki K. Poulose" <suzuki.poulose@....com>,
 Will Deacon <will.deacon@....com>, Catalin Marinas
 <catalin.marinas@....com>,
 "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: [PATCH] arm64: mm: Mark .rodata as RO

On 2/16/16 10:10 AM, Kees Cook wrote:
> On Fri, Feb 12, 2016 at 10:25 AM, Mark Rutland <mark.rutland@....com> wrote:
>> On Fri, Feb 12, 2016 at 10:13:19AM -0600, Jeremy Linton wrote:
>>> Currently the .rodata section is actually still executable when DEBUG_RODATA
>>> is enabled. This changes that so the .rodata is actually read only, no execute.
>>>
>>> Signed-off-by: Jeremy Linton <jeremy.linton@....com>
>
> Yikes, good catch. Is anyone running the lkdtm tests that check these things?
>

I don't think the current lkdtm test would have caught this since the exec
test is using rw data and not ro data. That test could be expanded though
to include a rodata buffer as well.

Thanks,
Laura

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.