Hi All, The fact that the text segment could be modified is bad news from the security standpoint. For example, in order to set a breakpoint GDB should map a text segment with MAP_PRIVATE flag which allows kernel to ignore the dirty bit that MMU sets on this page. Somewhere in the middle of this mapping, perhaps in mprotect, permission bits of page's PTE entry are modified as well from their original RO+X to RWX I am not sure whether it is actually happening, perhaps instead new pages are allocated, sort of COW (copy on write). And here I am getting to the point : Is there any way to disable the change of permission bits of PTE? Is it possible in the hardware (ARM) or should kernel be patched? Regards to All, Happy new year. Lev. _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
