[PATCH] D42897: MSan : Adding mmap W|X flag usage optional detection
David CARLIER via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sun Feb 4 14:17:38 PST 2018
devnexen added a comment.
In https://reviews.llvm.org/D42897#997428, @krytarowski wrote:
> In https://reviews.llvm.org/D42897#997426, @devnexen wrote:
>
> > In https://reviews.llvm.org/D42897#997425, @krytarowski wrote:
> >
> > > I think this is a wrong layer for detecting W|X mapping.
> > >
> > > This is for FreeBSD in mind, correct?
> >
> >
> > It has nothing to do with operating systems, it s general topic (e.,g. W|X mapping can possibly lead to JIT ROP's like attacks).
>
>
> This is hardened by existing kernels.
>
> NetBSD has PaX MPROTECT enabled by default.
> OpenBSD has W^X.
> grsecurity/Linux has something similar.
>
> As far as I can tell Apple pushes for W^X on evbarm64.
>
> We have enough portability pain in LLVM with sys::Memory that is a wrapper for mmap(2). We want to delete it and replace with a less low-lever interface.
>
> Going this route in MSan will be even worse pain. I recommend to harden your kernel directly as mmap(2) isn't so portable. FreeBSD planned to introduce a new replacement for this interface with an option for at least ASLR.
>
> The mmap_prot_write_exec.cc program will break as is on NetBSD.
I knew for OpenBSD but ignored for NetBSD, good to know. Well it is ok if it s not accepted :-) I m happy enough the static analyser part is going through.
Repository:
rCRT Compiler Runtime
https://reviews.llvm.org/D42897
More information about the llvm-commits
mailing list