[RFC] Stricter kernel memory permissions

Kees Cook keescook at chromium.org
Thu Oct 17 17:15:51 EDT 2013


On Tue, Oct 8, 2013 at 6:31 PM, Laura Abbott <lauraa at codeaurora.org> wrote:
> This is an RFC to add more page table protection to ARM. As has been alluded to
> in the past[1], the ARM kernel unconditionally maps everything as RWX which
> presents a security problem. This is a fairly straight port of what we've been
> using for a while for mitigation and is mostly provided as an example. Some
> notes:

On x86, there is CONFIG_X86_PTDUMP for providing a view of the kernel
page tables in /sys/kernel/debug/kernel_page_tables. Is there anything
like this for ARM? Or maybe the better question is "how are you
examining the results of your page permission changes?" :)

Thanks,

-Kees

-- 
Kees Cook
Chrome OS Security
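
An added example (not part of the original message or of the kernel sources): a small script that scans an x86 `kernel_page_tables` dump for ranges that are both writable and executable, which is one way to check the result of a permission change. The sample lines are constructed, and the column layout (RW/ro and x/NX flags, page-table level in the last column) is assumed to match the x86 dump format.

```python
import re
import sys

# One mapping line of the dump: "start-end  size  [flags...]  level".
LINE = re.compile(r"^(0x[0-9a-f]+)-(0x[0-9a-f]+)\s+(\d+[KMGTPE])\s+(.*)$", re.I)

# Constructed sample in the x86 ptdump layout (not captured from a real system).
SAMPLE = """\
---[ High Kernel Mapping ]---
0xffffffff80000000-0xffffffff81000000          16M                               pmd
0xffffffff81000000-0xffffffff81a00000          10M     ro         PSE     GLB x  pmd
0xffffffff81a00000-0xffffffff81c00000           2M     ro         PSE     GLB NX pmd
0xffffffff81c00000-0xffffffff81e00000           2M     RW                 GLB NX pte
0xffffffff81e00000-0xffffffff82000000           2M     RW         PSE     GLB x  pmd
"""


def parse(text):
    """Yield (section, start, end, flags) for every mapped range in the dump."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---["):          # section marker line
            section = line.strip("-[] ")
            continue
        m = LINE.match(line)
        if not m:
            continue
        flags = m.group(4).split()
        flags.pop()                          # last column is the level (pmd, pte, ...)
        if not flags:                        # no attribute flags: range is not mapped
            continue
        yield section, int(m.group(1), 16), int(m.group(2), 16), set(flags)


def wx_ranges(text):
    """Return the ranges that are writable (RW) and executable (x, i.e. not NX)."""
    return [(s, a, b) for s, a, b, f in parse(text) if {"RW", "x"} <= f]


if __name__ == "__main__":
    # Pass the debugfs file as the first argument (needs root); no argument uses SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for section, start, end in wx_ranges(text):
        print(f"W+X {start:#x}-{end:#x} ({(end - start) >> 10} KiB) in {section}")
```
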


