On 03.04.2019 1:31, Matthew Garrett wrote:
On Fri, Mar 29, 2019 at 5:50 AM Igor Zhbanov <i.zhbanov@xxxxxxxxxxxx> wrote:
I want to be sure that no unsigned code page could be executed. So
exploits could only be of ROP kind and not being able to download
any extra code from their servers. That's why I found that
disabling of anonymous executable pages could be useful for that
(as well as disabling of making executable pages writable to modify
already mapped code). In conjunction with IMA it should guarantee
that no untrusted code could be executed.
Remember that many interpreted languages allow execution of code
provided to them on the command line (eg, python -c) and also grant
access to arbitrary syscalls, so there's still no guarantee that
you're only executing trusted code.
Yes. But in some installations you can get rid of interpreters at all or limit
the number of scripts they can open. For example you can require that all
scripts have to be signed.
And having this feature as a per-process you could still limit the attack
surface by restricting e.g. network services as they are constantly attacked.
So are you saying that this feature doesn't worth to make it?
