Date: Thu, 30 Mar 2017 12:49:10 -0700
From: Kees Cook
To: Russell King - ARM Linux
Cc: Hoeun Ryu, Andy Lutomirski, PaX Team, Emese Revfy, Catalin Marinas,
	Will Deacon, Ard Biesheuvel, Christoffer Dall, Mark Rutland,
	Suzuki K Poulose, Laura Abbott, Hugh Dickins, Steve Capper,
	Ganapatrao Kulkarni, James Morse, Kefeng Wang, LKML

On Thu, Mar 30, 2017 at 12:45 PM, Russell King - ARM Linux wrote:
> On Thu, Mar 30, 2017 at 12:38:15PM -0700, Kees Cook wrote:
>> Great work! I think this will need some further changes, though, since
>> it doesn't look to me like this would pass LKDTM's tests if it was
>> built as a module. (This is missing from my ARM attempt too... I
>> haven't figured out how to set the domain on the kernel modules...)
> You're not going to be able to do it very easily.  The only way I can
> think of achieving it would be to split the module area into one
> chunk for text, one chunk for write-rare and one chunk for data.

Well, my intention was to just make the entire module area
DOMAIN_WR_RARE. It's overly permissive in the sense that non-data
changes could be made, but this is already an improvement over either
not having this feature at all or x86's version which makes all of RAM


Kees Cook
Pixel Security
