Date: Tue, 21 Apr 2020 11:57:00 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: Nicholas Piggin <npiggin@...il.com>
Cc: Rich Felker <dalias@...c.org>,  Nicholas Piggin via Libc-alpha <libc-alpha@...rceware.org>,  libc-dev@...ts.llvm.org,  linuxppc-dev@...ts.ozlabs.org,  musl@...ts.openwall.com
Subject: Re: Powerpc Linux 'scv' system call ABI proposal take 2

* Szabolcs Nagy:

> * Nicholas Piggin <npiggin@...il.com> [2020-04-20 12:08:36 +1000]:
>> Excerpts from Rich Felker's message of April 20, 2020 11:29 am:
>> > Also, allowing patching of executable pages is generally frowned upon
>> > these days because W^X is a desirable hardening property.
>> 
>> Right, it would want to be write-protected after being patched.
>
> "frowned upon" means that users may have to update
> their security policy setting in pax, selinux, apparmor,
> seccomp bpf filters and who knows what else that may
> monitor and flag W&X mprotect.
>
> libc update can break systems if the new libc does W&X.

It's possible to map over pre-compiled alternative implementations,
though.  Basically, we would do the patching at build time and store
the results in the file.

It works best if the variance is concentrated on a few pages, and
there are very few alternatives.  For example, having two syscall APIs
and supporting threading and no-threading versions would need four
code versions in total, which is likely excessive.
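
The approach described in the message above, as an added example that is not part of the original thread: rather than making text writable to patch it, the alternative page is mapped over the default one from a different file offset, so the address is only ever mapped read+execute. Assumptions: Linux only; `select_variant`, `perms_at` and the `libimage` name are hypothetical; an in-memory file and one-byte tags stand in for the library file and its pre-compiled code.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Permission column of /proc/self/maps for the mapping at addr ("" if no /proc). */
static void perms_at(void *addr, char out[5])
{
    char line[256], p[5];
    unsigned long lo;
    FILE *f = fopen("/proc/self/maps", "r");
    for (out[0] = '\0'; f && fgets(line, sizeof line, f); )
        if (sscanf(line, "%lx-%*lx %4s", &lo, p) == 2 && lo == (unsigned long)addr)
            strcpy(out, p);
    if (f) fclose(f);
}

/* Map the default page, optionally map the alternative over it; return its tag (-1 on error). */
int select_variant(int use_alt, char perms[5])
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int tag = -1, prot = PROT_READ | PROT_EXEC;  /* PROT_WRITE never requested */
    /* Constructed image: in-memory file as the library file, tag bytes as code. */
    int fd = (int)syscall(SYS_memfd_create, "libimage", 0);
    if (fd < 0) return -1;
    if (ftruncate(fd, (off_t)(2 * pg)) == 0 &&
        pwrite(fd, "D", 1, 0) == 1 &&            /* page 0: default variant */
        pwrite(fd, "A", 1, (off_t)pg) == 1) {    /* page 1: alternative */
        unsigned char *text = mmap(NULL, pg, prot, MAP_PRIVATE, fd, 0);
        if (text != MAP_FAILED) {
            /* The "patch" is a remap of the same address from another offset. */
            if (!use_alt || mmap(text, pg, prot, MAP_PRIVATE | MAP_FIXED,
                                 fd, (off_t)pg) != MAP_FAILED) {
                tag = text[0];
                perms_at(text, perms);
            }
            munmap(text, pg);
        }
    }
    close(fd);
    return tag;
}

int main(void)
{
    char perms[5] = "";
    return printf("tag=%d perms=%s\n", select_variant(1, perms), perms) < 0;
}
```

The only calls a policy monitor sees are file-backed `mmap` requests with read and execute permission; there is no `mprotect` and no writable executable mapping at any point.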
