On Fri, 19 Apr 2019, Jethro Beekman wrote: > On 2019-04-19 08:27, Andy Lutomirski wrote: > > There are many, > > many Linux systems that enforce a policy that *all* executable text > > needs to come from a verified source. On these systems, you can't > > mmap some writable memory, write to it, and then change it to > > executable. > > How is this implemented on those systems? AFAIK there's no kernel config > option that changes the semantics of mmap as you describe. That has nothing to do with mmap() semantics. You mmap() writeable memory and then you change the permissions via mprotect(). mprotect() calls into LSM and depending on policy and security model this will reject the request. Andy was pointing out that the SGX ioctl bypasses the LSM mechanics which is obviously a bad thing. Thanks, tglx
