On Sun, Jul 07, 2019 at 05:49:35PM +0200, Salvatore Mesoraca wrote:
> Al Viro wrote:
> >
> > On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote:
> >
> > > +#define sara_warn_or_return(err, msg) do { \
> > > + if ((sara_wxp_flags & SARA_WXP_VERBOSE))\
> > > +
From: Salvatore Mesoraca
> Sent: 06 July 2019 11:55
...
> Executable MMAP prevention works by preventing any new executable
> allocation after the dynamic libraries have been loaded. It works under the
> assumption that, when the dynamic libraries have been finished loading, the
> RELRO section
Al Viro wrote:
>
> On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote:
>
> > +#define sara_warn_or_return(err, msg) do { \
> > + if ((sara_wxp_flags & SARA_WXP_VERBOSE))\
> > + pr_wxp(msg);\
> > + if
On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote:
> +#define sara_warn_or_return(err, msg) do { \
> + if ((sara_wxp_flags & SARA_WXP_VERBOSE))\
> + pr_wxp(msg);\
> + if (!(sara_wxp_flags & SARA_WXP_COMPLAIN))
On 7/6/19 3:54 AM, Salvatore Mesoraca wrote:
> diff --git a/security/sara/Kconfig b/security/sara/Kconfig
> index b98cf27..54a96e0 100644
> --- a/security/sara/Kconfig
> +++ b/security/sara/Kconfig
> @@ -60,3 +60,77 @@ config SECURITY_SARA_NO_RUNTIME_ENABLE
>
> If unsure, answer Y.
>
>
Introduction of S.A.R.A. WX Protection.
It aims to improve user-space programs security by applying:
- W^X enforcement
- W!->X (once writable never executable) mprotect restriction
- Executable MMAP prevention
All of the above features can be enabled or disabled both system wide
or on a per
6 matches
Mail list logo