Theo de Raadt writes:
>> IIUC they would differ on OSes where libffi can't get a single mapping
>> with both W and X access. On those OSes libffi uses a workaround, two
>> mappings are allocated one with RW, the other with RX. While we want to
>> disable RWX on OpenBSD as an end goal, I don't think we want to let
>> libffi use this hack, 'cause it is basically the same as RWX.
>
> Yes we do.
>
> In general, shadow mappings are probably less attackable on a case
> to case basis. Pure RWX mappings are worse.
>
> The roadmap is to remove as much RWX as possible. If we can split
> some RWX uses off into shadow mappings, that is progress. At least
> code using shadow mappings is half-ready for using mprotect correctly.
Then the diff for src/closures.c should be different: it should ensure
that libffi uses dlmmap_locked().

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
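The two-view arrangement the thread is talking about, shown as an added C example rather than libffi's own src/closures.c or its dlmmap_locked(): one backing object is mapped twice, a RW view to emit a trampoline through and an RX view to call it through, so no single mapping is ever W|X. The names shadow_alloc/shadow_run_ret42, the choice of backing object (memfd_create on Linux, POSIX shm_open elsewhere, which is the branch OpenBSD would take) and the 'return 42' machine-code bytes for x86 and arm64 are all assumptions made here, not anything from libffi.

```c
#define _GNU_SOURCE          /* memfd_create() on glibc */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Two views of one backing object. Neither view is ever W|X. */
struct shadow {
    uint8_t *rw;    /* emit the trampoline through this view */
    uint8_t *rx;    /* call the trampoline through this view */
    size_t   len;
};

/* Anonymous, unlinked backing object of `len` bytes (assumption: memfd on
 * Linux, POSIX shm elsewhere, e.g. OpenBSD). Returns an fd or -1. */
static int backing_fd(size_t len)
{
    int fd;
#ifdef __linux__
    fd = memfd_create("shadow", MFD_CLOEXEC);
#else
    char name[32];
    snprintf(name, sizeof name, "/shadow.%ld", (long)getpid());
    fd = shm_open(name, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd >= 0)
        shm_unlink(name);           /* nameless from here on */
#endif
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Map the same pages twice: RW and RX. Returns 0, or -1 on failure. */
int shadow_alloc(struct shadow *s, size_t len)
{
    int fd = backing_fd(len);
    if (fd < 0)
        return -1;
    void *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    void *rx = mmap(NULL, len, PROT_READ | PROT_EXEC,  MAP_SHARED, fd, 0);
    close(fd);                      /* the mappings keep the object alive */
    if (rw == MAP_FAILED || rx == MAP_FAILED) {
        if (rw != MAP_FAILED) munmap(rw, len);
        if (rx != MAP_FAILED) munmap(rx, len);
        return -1;
    }
    s->rw = rw;
    s->rx = rx;
    s->len = len;
    return 0;
}

void shadow_free(struct shadow *s)
{
    munmap(s->rw, s->len);
    munmap(s->rx, s->len);
}

/* Constructed trampoline body: `return 42` for the host ISA. */
#if defined(__x86_64__) || defined(__i386__)
static const uint8_t RET42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };  /* mov eax,42; ret */
#elif defined(__aarch64__)
static const uint8_t RET42[] = { 0x40, 0x05, 0x80, 0x52,                /* mov w0,#42 */
                                 0xc0, 0x03, 0x5f, 0xd6 };              /* ret        */
#else
#define RET42_UNSUPPORTED 1
static const uint8_t RET42[] = { 0 };
#endif

/* Write the trampoline through rw, execute it through rx.
 * Returns 42 on success, -1 on mapping failure, -2 on an unsupported ISA. */
int shadow_run_ret42(void)
{
    struct shadow s;
    int rc = -2;
    if (shadow_alloc(&s, 4096) < 0)
        return -1;
    memcpy(s.rw, RET42, sizeof RET42);
    __builtin___clear_cache((char *)s.rx, (char *)s.rx + sizeof RET42);
#ifndef RET42_UNSUPPORTED
    int (*fn)(void) = (int (*)(void))(uintptr_t)s.rx;
    rc = fn();
#endif
    shadow_free(&s);
    return rc;
}

int main(void)
{
    int rc = shadow_run_ret42();
    printf("trampoline returned %d\n", rc);
    return rc == 42 ? 0 : 1;
}
```

The check a practitioner should keep in mind is the one the quoted mail makes: an attacker with a write primitive and the address of the RW view can still plant code that the RX view will run, so this is not W^X, only a smaller target than one RWX page. The step that makes it "half-ready for mprotect" is that the RW view is separable; a hardened caller would munmap(s.rw) as soon as the closure is emitted and keep only the RX view alive, which the example above does not do so that both views stay visible for inspection.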
