Hmmn, I think you're assuming something I'm not...
The JIT compiler has the permission to set a page "wx", which it
employs to set the pages it writes code into as executable. When
it's actually calling mmap or mprotect, the process context is
present, and the kernel can see if it actually has the permission
before it makes the change, so arbitrary callers of mmap, mprotect
and libc can't do privilege escalation attacks.
To prevent a called library or JIT'd code from doing privilege escalation,
the compiler needs to shed any special permissions before passing
control to the compiled code. This is normal practice, rather
like doing a setuid back to the ordinary user when you're not doing
anything privileged in security-aware programs like Samba or NFS.
Does that address the points you were referring to, or did you mean something different?
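The write-then-execute discipline the comment describes, as an added example (not code from the comment's author or from any real JIT): a page is mapped writable, filled with machine code, then flipped to read+execute with mprotect, after which the buffer refuses further writes. The kernel is asked for the change while the process context is still visible to it, so any "wx" permission check happens at the mprotect call; once sealed, the process no longer needs that permission for this page. The `jit_buf` type, the function names and the "return 42" byte sequences for x86-64 and AArch64 are constructed for this example; only those two architectures are supported here.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Illustrative W^X code buffer (constructed for this example). A page is
 * either writable or executable, never both at once. */
typedef struct {
    uint8_t *base;
    size_t   len;
    size_t   used;
    int      sealed;   /* 1 once the page has been made read+execute */
} jit_buf;

/* Map one anonymous page as RW for emitting code. */
int jit_open(jit_buf *b) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) return -1;
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    b->base = p; b->len = (size_t)pg; b->used = 0; b->sealed = 0;
    return 0;
}

/* Append raw machine code; refused once the page is sealed. */
int jit_emit(jit_buf *b, const void *code, size_t n) {
    if (b->sealed || b->used + n > b->len) return -1;
    memcpy(b->base + b->used, code, n);
    b->used += n;
    return 0;
}

/* Flip RW -> RX. This is the point where the kernel checks whether the
 * caller may create executable memory; a policy that forbids it makes
 * mprotect fail, so the result must be checked, not assumed. */
int jit_seal(jit_buf *b) {
    if (b->sealed) return -1;
    if (mprotect(b->base, b->len, PROT_READ | PROT_EXEC) != 0) return -1;
    /* Required on architectures with split I/D caches (e.g. AArch64). */
    __builtin___clear_cache((char *)b->base, (char *)b->base + b->len);
    b->sealed = 1;
    return 0;
}

/* Never run code out of a page that is still writable. */
int jit_call(jit_buf *b) {
    if (!b->sealed) return -1;
    int (*fn)(void);
    memcpy(&fn, &b->base, sizeof fn);   /* avoid object->function cast warning */
    return fn();
}

int jit_close(jit_buf *b) {
    int rc = munmap(b->base, b->len);
    b->base = NULL; b->len = b->used = 0; b->sealed = 0;
    return rc;
}

/* Constructed machine code for "return 42" on the supported targets. */
#if defined(__x86_64__)
static const uint8_t RET42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };           /* mov eax,42 ; ret */
#define RET42_LEN sizeof(RET42)
#elif defined(__aarch64__)
static const uint8_t RET42[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#42 ; ret */
#define RET42_LEN sizeof(RET42)
#else
#error "this example supports x86-64 and AArch64 only"
#endif

int main(void) {
    jit_buf b;
    if (jit_open(&b) != 0 || jit_emit(&b, RET42, RET42_LEN) != 0 || jit_seal(&b) != 0) {
        perror("jit");
        return 1;
    }
    printf("jit'd code returned %d; write after seal -> %d\n",
           jit_call(&b), jit_emit(&b, RET42, RET42_LEN));
    return jit_close(&b);
}
```

The `sealed` flag is the process-side analogue of the comment's "shed any special permissions before passing control": after `jit_seal` the JIT itself never touches the page's protections again, and the kernel-side permission to create executable mappings is only exercised in `jit_seal`, where a refusal surfaces as an error rather than as silently writable-and-executable memory.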
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds