Why don't they just force the use of the no-execute page table (on processors that support it) for all kernel mappings of user space?
Perhaps that would destroy the performance benefits of sharing the VM information between kernel & user space (since the flag would have to be toggled on & off).
Then there would be no way to cause the execution of user code even if there are additional missing NULL pointer checks?
There's also "return-oriented programming", a technique for breaking into even machines configured that way.
Copyright © 2017, Eklektix, Inc.