* Dave Hansen <dave@xxxxxxxx> wrote: > > I.e. AFAICS pkeys could be used to create true '--x' permissions for executable > > (user-space) pages. > > Just remember that all of the protections are dependent on the contents of PKRU. > If an attacker controls the Access-Disable bit in PKRU for the executable-only > region, you're sunk. The same is true if the attacker can execute mprotect() calls. > But, that either requires being able to construct and execute arbitrary code > *or* call existing code that sets PKRU to the desired values. Which, I guess, > gets harder to do if all of the the wrpkru's are *in* the execute-only area. Exactly. True --x executable regions makes it harder to 'upgrade' limited attacks. Thanks, Ingo -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>