[rsbac] RSBAC mprotect

Javier Juan Martínez Cabezón tazok at rsbac.org
Mon Aug 22 21:59:31 CEST 2016


> 
> If READ implies EXEC on some system, we cannot catch all cases,
> because READ and WRITE together must be allowed. In my
> understanding, on X86 systems this should only happen under 64 Bit
> kernel with some 32 Bit programs. However, memory code is
> complicated and I may have missed something. Please correct me, if
> you know more than I do.
> 
> Amon.
> 
It should happen in almost all ia32 systems.

NX under PaX on ia32 only got activated when PAE was active and the
NX bit exists. I think this was because of how NX was introduced, as a
PAE extension. So you could have the NX bit in some Pentiums but it
doesn't get used at all if PAE were disabled :S. So the keys are to have
NX (AFAIK in all amd64 and in "some" 32-bit systems) and to have PAE
enabled.


http://www.gossamer-threads.com/lists/gentoo/hardened/180132

