On Sat, Nov 12, 2005 at 02:57:02AM +0800, Coywolf Qi Hunt wrote:
> And we could also mark text section read-only and data/stack section
> noexec if NX is supported. But I doubt the whole thing would really
> help much. Kill the kernel thread? We can't. We only run into a panic.
> Anyway I'd attach a quick patch to mark text section read only in the
> next mail.
>
> If it's ok, I'd add Kconfig support. Comments?
Signed-off-by: Coywolf Qi Hunt <[email protected]>
---
diff -pruN 2.6.14-mm2/init/main.c 2.6.14-mm2-cy/init/main.c
--- 2.6.14-mm2/init/main.c 2005-11-11 22:34:21.000000000 +0800
+++ 2.6.14-mm2-cy/init/main.c 2005-11-12 02:50:45.000000000 +0800
@@ -660,6 +660,18 @@ static inline void fixup_cpu_present_map
#endif
}
+void mark_text_ro(void)
+{
+ unsigned long addr = (unsigned long)&_text;
+
+ for (; addr < (unsigned long)&_etext; addr += PAGE_SIZE)
+ change_page_attr(virt_to_page(addr), 1, PAGE_KERNEL_RO);
+
+ printk ("Write protecting the kernel text data: %luk\n",
+ (unsigned long)(_etext - _text) >> 10);
+ global_flush_tlb();
+}
+
static int init(void * unused)
{
lock_kernel();
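Review bot: the return value of change_page_attr() is discarded inside the loop in mark_text_ro(), so the printk reports the text as write protected even if a page could not be changed. Check the result on each iteration and either stop with a warning or report how many pages were actually changed. The loop also assumes &_text is page aligned: if it is not, stepping by PAGE_SIZE from an unaligned start can end before the page that contains the tail of the text, so round addr down to a page boundary first. Smaller points: the function is non-static but no prototype is added in this patch, the printk has no log level and has a space before the parenthesis, and "kernel text data" would read better as "kernel text".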
@@ -716,6 +728,7 @@ static int init(void * unused)
*/
free_initmem();
unlock_kernel();
+ mark_text_ro();
mark_rodata_ro();
system_state = SYSTEM_RUNNING;
numa_default_policy();
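Review bot: the mark_text_ro() call in init() is unconditional, with no #ifdef or runtime switch around it, and init/main.c is common code. Until the Kconfig support mentioned in the cover text exists, every build takes this path, and any later write to the range between _text and _etext will fault. Suggest putting both the definition and this call behind a config option with an empty stub for the disabled case, and adding a short comment at the call site saying why it runs after free_initmem().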