Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#41347 - [linux] 3.16.x enable RO/NX protection for kernel modules
Attached to Project:
Arch Linux
Opened by Daniel Micay (thestinger) - Saturday, 26 July 2014, 08:27 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 13 August 2014, 15:32 GMT
Details
The CONFIG_DEBUG_RODATA option is already enabled, adding enforced write protection for constant data in the core kernel. It would be nice to enable CONFIG_DEBUG_SET_MODULE_RONX too for the same protections in kernel modules.
It's a somewhat useful exploit mitigation along with catching bugs earlier. The cost is a bit of extra memory usage for modules due to the sections needing to be aligned to page boundaries. Debian, Fedora, OpenSUSE and Ubuntu enable this so it's unlikely to cause any issues. http://thread.gmane.org/gmane.linux.kernel/945148
Closed by Tobias Powalowski (tpowa)
Wednesday, 13 August 2014, 15:32 GMT
Reason for closing: Fixed
Additional comments about closing: on trunk
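An added example, not part of the original report or of the Arch kernel packaging: a shell check that reports whether a kernel config enables the two options named in this task. The function names and the two config fragments are constructed for illustration; on a running system the input would be the kernel's own config file instead.

```shell
#!/bin/sh
# Added example: audit a kernel config for the two options named in this task.
# kconfig_state and audit_ronx are hypothetical helper names.

# Read a kernel config on stdin and print the state of one option:
#   its value (y, m, ...), "unset" for "# CONFIG_X is not set",
#   or "absent" if the option is never mentioned. The last mention wins.
kconfig_state() {
    awk -v opt="$1" '
        index($0, opt "=") == 1      { state = substr($0, length(opt) + 2) }
        $0 == "# " opt " is not set" { state = "unset" }
        END { print (state == "" ? "absent" : state) }
    '
}

# Print the state of both options for the config text passed as $1.
# Return 0 only if both protections are built in (=y).
audit_ronx() {
    cfg=$1
    rc=0
    for name in CONFIG_DEBUG_RODATA CONFIG_DEBUG_SET_MODULE_RONX; do
        state=$(printf '%s\n' "$cfg" | kconfig_state "$name")
        printf '%-30s %s\n' "$name" "$state"
        [ "$state" = "y" ] || rc=1
    done
    return $rc
}

# Constructed fragment: core kernel protected, modules not (the state reported here).
BEFORE='CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_SET_MODULE_RONX is not set'

# Constructed fragment: the configuration this task asks for.
AFTER='CONFIG_DEBUG_RODATA=y
CONFIG_DEBUG_SET_MODULE_RONX=y'

audit_ronx "$BEFORE" || echo "before: module RO/NX protection is not enabled"
audit_ronx "$AFTER" && echo "after: RO/NX enabled for core kernel and modules"
```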