On Fri, May 13, 2016 at 05:42:55PM +0200, Maxime Villard wrote:
> Initially, two chunks were mapped contiguously in both amd64 and i386:
> - text+rodata with RX permissions

Thanks for the detailed explanation. What I still don't get is why you seem to think that an additional X in the mapping for .rodata is so terrible - as long as there is no W I don't see the additional attack vector you are trying to eliminate.

If the separate mapping just falls out from other cleanup/optimizations, then of course it is fine and more correct. But out of gut feeling I wouldn't have thought it to be important in any way (and other architectures treat it as RX too, so should they take a hint from this?)

Martin
