
Virtual Machines and Memory Protections

Posted Nov 22, 2006 6:09 UTC (Wed) by skissane (subscriber, #38675)
Parent article: Virtual Machines and Memory Protections

Related to Ulrich Drepper's proposal to double mmap a file, here is my idea: Have a new system call (maybe double_mmap). It is passed in a number of pages, which it then allocates. It then maps those pages twice into your address space, at two different addresses: at one place as read-write, at the other as read-execute. No disk space needed; virtual address space is doubled, but physical memory usage stays the same. The kernel could ensure that both virtual addresses are random. It could also ensure that no other process can get access to those address spaces. Doing this would still make JIT possible, but should give attackers a much harder time, since they would have to guess not only where the memory to write to is, but also where the corresponding execute location is.

Virtual Machines and Memory Protections

Posted Nov 22, 2006 11:45 UTC (Wed) by nix (subscriber, #2304)

Something like mmalias() seems more useful: hand it a memory area and it creates an alias to it in a new VMA (and thus at a new virtual address) and hands it back to you. Then you can mprotect() it howsoever you wish.

Of course subverted code can now call this as well, but that's in general true of *any* means of allowing dynamically-generated code. If your code can do it as part of its normal operation, there's no way to statically tell if it's been subverted into doing it.

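The two proposals above (skissane's double_mmap() system call and nix's hypothetical mmalias()) can be approximated from user space on Linux today. The following is an added example written for this page, not code from either commenter: it backs one set of pages with an anonymous memfd_create(2) file and maps that file twice, once PROT_READ|PROT_WRITE and once PROT_READ|PROT_EXEC, so the JIT writes through one alias and jumps through the other while no page is ever writable and executable at once. The struct and function names (dual_map, dual_map_create and friends) are assumptions of this example; the six-byte machine-code sample is constructed for the demonstration and is only executed on x86-64.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical user-space stand-in for double_mmap()/mmalias():
 * one set of physical pages, two virtual aliases. */
struct dual_map {
    void  *rw;   /* writable alias: the code generator writes here   */
    void  *rx;   /* executable alias: the generated code runs here   */
    size_t len;
};

static int dual_map_create(struct dual_map *m, size_t len)
{
    /* Anonymous, unlinked file: nothing to clean up on disk and no name
     * another process could open. Linux >= 3.17, glibc >= 2.27. */
    int fd = memfd_create("jit-pages", MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)len) < 0) {
        close(fd);
        return -1;
    }
    /* Two independent mmap() calls: the kernel picks two unrelated,
     * ASLR-randomised addresses, so knowing one alias does not reveal
     * the other (skissane's "guess both locations" argument). */
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = mmap(NULL, len, PROT_READ | PROT_EXEC,  MAP_SHARED, fd, 0);
    close(fd); /* the mappings keep the pages alive */
    if (rw == MAP_FAILED || rx == MAP_FAILED) {
        if (rw != MAP_FAILED) munmap(rw, len);
        if (rx != MAP_FAILED) munmap(rx, len);
        return -1;
    }
    m->rw = rw;
    m->rx = rx;
    m->len = len;
    return 0;
}

static void dual_map_destroy(struct dual_map *m)
{
    munmap(m->rw, m->len);
    munmap(m->rx, m->len);
}

/* Constructed sample: x86-64 `mov eax, 42 ; ret`. Treated as opaque bytes
 * on other architectures. */
static const unsigned char sample_code[] = {0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3};

/* 1 if bytes stored through the RW alias are visible through the RX alias,
 * i.e. both aliases really are the same physical pages. */
static int dual_map_aliases_share_pages(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 4096) < 0)
        return 0;
    memcpy(m.rw, sample_code, sizeof sample_code);
    int same = (m.rw != m.rx) && memcmp(m.rx, sample_code, sizeof sample_code) == 0;
    dual_map_destroy(&m);
    return same;
}

/* 1 if a store through the RX alias faults: the executable view is not
 * writable, which is the W^X property the thread is after. */
static sigjmp_buf fault_env;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_env, 1); }

static int dual_map_rx_alias_rejects_writes(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 4096) < 0)
        return 0;
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    volatile int faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        *(volatile unsigned char *)m.rx = 0x90; /* must fault */
    else
        faulted = 1;
    sigaction(SIGSEGV, &old, NULL);
    dual_map_destroy(&m);
    return faulted;
}

#if defined(__x86_64__)
/* Returns 42: the code was written via RW and executed via RX. */
static int dual_map_executes_from_rx(void)
{
    struct dual_map m;
    if (dual_map_create(&m, 4096) < 0)
        return -1;
    memcpy(m.rw, sample_code, sizeof sample_code);
    int (*fn)(void) = (int (*)(void))m.rx;
    int r = fn();
    dual_map_destroy(&m);
    return r;
}
#endif

int main(void)
{
    printf("aliases share pages: %d\n", dual_map_aliases_share_pages());
    printf("RX alias rejects writes: %d\n", dual_map_rx_alias_rejects_writes());
#if defined(__x86_64__)
    printf("executed via RX alias: %d\n", dual_map_executes_from_rx());
#endif
    return 0;
}
```

Unlike the proposed system calls, this user-space version cannot stop a subverted process from simply calling mprotect() on the RX alias or mapping the memfd a third time, which is exactly nix's point: once dynamic code generation is part of normal operation, the kernel cannot tell a legitimate caller from a hijacked one. What the split does buy is that a plain write primitive into the RX region fails, and that an attacker who learns the writable address still has to find the unrelated executable one.
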
Virtual Machines and Memory Protections

Posted Nov 22, 2006 11:45 UTC (Wed) by nix (subscriber, #2304)

(mmalias() doesn't exist, I just made it up. Still it seems possible.)

Virtual Machines and Memory Protections

Posted Nov 22, 2006 19:18 UTC (Wed) by bluefoxicy (guest, #25366)

> Of course subverted code can now call this as well, but that's in general true of *any* means of allowing dynamically-generated code. If your code can do it as part of its normal operation, there's no way to statically tell if it's been subverted into doing it.

Exactly the point. Comment posted at http://lwn.net/Articles/210804/ goes into great detail about protecting against these attacks; but it all boils down to what you just said: If you can dynamically generate code, so can an attacker hijacking you.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds