Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Feb 2016 12:53:25 -0800
From: Kees Cook <>
To: PaX Team <>
Cc: Ard Biesheuvel <>, Laura Abbott <>, 
	Greg Kroah-Hartman <>, Mark Rutland <>, 
	Jeremy Linton <>, Arnd Bergmann <>, 
	"" <>, LKML <>
Subject: Re: [PATCH] lkdtm: add test for executing .rodata

On Mon, Feb 22, 2016 at 3:21 PM, PaX Team <> wrote:
> On 22 Feb 2016 at 12:46, Kees Cook wrote:
>> GCC really wants to declare the section. :(
> hmm, i see, so how about going about it another way. instead of trying
> to do this at compile/link time, do it an load/runtime. one way of doing
> it would be to preserve a page in .rodata then map in a code page underneath
> that holds your empty function (which you can generate from C). it'd be
> somewhat similar to how the vsyscall page on amd64 is mapped (or used to
> be mapped) from the kernel image into its userland visible place.

I prefer using all the "regular" mechanisms so that I really know I'm
exercising the actual case I want to be testing. (i.e. I don't want to
bypass the linker.)

If only there were some way to filter gcc output, like with plugins. ;)


Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.