Something like mmalias() seems more useful: hand it a memory area and it creates an alias to it in a new VMA (and thus at a new virtual address) and hands it back to you. Then you can mprotect() it howsoever you wish.
Of course subverted code can now call this as well, but that's in general true of *any* means of allowing dynamically-generated code. If your code can do it as part of its normal operation, there's no way to statically tell if it's been subverted into doing it.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds