On 17 Feb 2016 at 15:48, Kees Cook wrote: > On Wed, Feb 17, 2016 at 3:43 PM, David Brown <david.brown@xxxxxxxxxx> wrote: > > Is there a possible future consideration to perhaps make .rodata read > > only much earlier? > > Yeah, this will likely be a future improvement. Some architectures > already mark .rodata before the mark_rodata_ro() call. Once we start > to have more use of postinit-readonly, I suspect we'll see more > clarification of when those things happen. FYI, PaX had enforced early rodata on i386 during the 2.4 series (i.e., decade+ ago) but i abandoned it for 2.6 due to the maintenance burden coupled with its low benefit... -- To unsubscribe from this list: send the line "unsubscribe linux-arch" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
