Should mprotect(..., PROT_EXEC) be checked by IMA?

Hello!

I've found that IMA checks for executable mmap()s but not for the combination
of mmap(..., PROT_READ, ...) + mprotect(..., PROT_EXEC).

So it looks like it is possible to load arbitrary executable code by rewriting
dlopen() and dlsym() functions to map all ELF segments read-only first then
making them executable with mprotect().

So should security_file_mprotect() be changed similarly
to security_mmap_file() to call IMA security hook?

Thanks.
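
The mmap()-then-mprotect() sequence described in the message above can be looked for in decoded syscall traces. The following C code is an added example, not part of the original post and not kernel code; the `struct ev` record layout, `count_exec_upgrades()` and the sample trace are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>   /* PROT_READ, PROT_WRITE, PROT_EXEC */

enum ev_kind { EV_MMAP, EV_MPROTECT };
struct ev {              /* one decoded syscall record (hypothetical layout) */
    enum ev_kind kind;
    unsigned long addr, len;
    int prot;
    int file_backed;     /* mmap only: 1 = backed by a file, 0 = anonymous */
};
#define MAX_MAPS 64

/* Count mprotect() calls that add PROT_EXEC to a file-backed mapping that was
 * created without PROT_EXEC. Simplification: munmap() is not tracked. */
int count_exec_upgrades(const struct ev *evs, size_t n)
{
    struct ev maps[MAX_MAPS];
    size_t nmaps = 0;
    int hits = 0;
    for (size_t i = 0; i < n; i++) {
        const struct ev *e = &evs[i];
        if (e->kind == EV_MMAP) {
            if (nmaps < MAX_MAPS) maps[nmaps++] = *e;
            continue;
        }
        if (!(e->prot & PROT_EXEC)) continue;   /* not gaining exec */
        for (size_t m = 0; m < nmaps; m++) {
            int overlap = e->addr < maps[m].addr + maps[m].len &&
                          maps[m].addr < e->addr + e->len;
            if (overlap && maps[m].file_backed && !(maps[m].prot & PROT_EXEC)) {
                hits++;
                maps[m].prot |= PROT_EXEC;      /* report each mapping once */
                break;
            }
        }
    }
    return hits;
}

/* Constructed sample trace, not taken from a real system. */
static const struct ev sample[] = {
    { EV_MMAP,     0x70000000UL, 0x2000, PROT_READ | PROT_EXEC,  1 }, /* exec at mmap time */
    { EV_MMAP,     0x70100000UL, 0x3000, PROT_READ,              1 }, /* file, read-only */
    { EV_MMAP,     0x70200000UL, 0x1000, PROT_READ | PROT_WRITE, 0 }, /* anonymous */
    { EV_MPROTECT, 0x70101000UL, 0x1000, PROT_READ | PROT_EXEC,  0 }, /* flagged */
    { EV_MPROTECT, 0x70200000UL, 0x1000, PROT_READ | PROT_EXEC,  0 }, /* anonymous, ignored */
    { EV_MPROTECT, 0x70000000UL, 0x1000, PROT_READ,              0 }, /* drops exec */
};
int main(void) { printf("%d\n", count_exec_upgrades(sample, 6)); return 0; }
```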


