[rsbac] RSBAC mprotect
Javier Juan Martínez Cabezón
tazok at rsbac.org
Mon Aug 22 21:59:31 CEST 2016
>
> If READ implies EXEC on some system, we cannot catch all cases,
> because READ and WRITE together must be allowed. In my
> understanding, on X86 systems this should only happen under 64 Bit
> kernel with some 32 Bit programs. However, memory code is
> complicated and I may have missed something. Please correct me, if
> you know more than I do.
>
> Amon.
>
It should happen in almost all ia32 systems.
NX under PaX on ia32 only got activated when PAE was active and the
NX bit exists; I think this was because of how NX was introduced, as a
PAE extension. So you could have the NX bit in some Pentiums but it doesn't
get used at all if PAE is disabled :S. So the keys are to have NX (AFAIK in
all amd64 and in "some" 32-bit systems) and to have PAE enabled.
http://www.gossamer-threads.com/lists/gentoo/hardened/180132
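
The following is an added example, not part of the thread and not RSBAC code: a small C check, assuming Linux with /proc mounted, that reports whether a mapping requested with PROT_READ alone comes back executable (the READ_IMPLIES_EXEC personality case). It cannot reveal the hardware case discussed above, where the recorded permissions stay r-- but the MMU has no usable NX bit to enforce them.

```c
/* Added example, not from the thread. Linux-only: relies on /proc/self/maps. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/personality.h>

/* Find the mapping that contains addr in maps-formatted text and copy its
 * permission field (e.g. "r-xp") into out. Returns 0 if found, -1 if not. */
int perms_for_addr(const char *maps, unsigned long addr, char out[5])
{
    for (const char *line = maps; line && *line; ) {
        unsigned long lo, hi;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            addr >= lo && addr < hi) {
            memcpy(out, perms, sizeof perms);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Map one page with PROT_READ only, then look it up in /proc/self/maps.
 * Returns 1 if the kernel made it executable, 0 if not, -1 if unknown. */
int read_implies_exec_observed(void)
{
    static char buf[1 << 16];
    char perms[5];
    void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    FILE *f = (p == MAP_FAILED) ? NULL : fopen("/proc/self/maps", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    int rc = perms_for_addr(buf, (unsigned long)p, perms);
    if (p != MAP_FAILED) munmap(p, 4096);
    return rc ? -1 : perms[2] == 'x';
}

int main(void)
{
    int persona = personality(0xffffffff); /* query only, changes nothing */
    printf("READ_IMPLIES_EXEC flag: %s\n",
           (persona != -1 && (persona & READ_IMPLIES_EXEC)) ? "set" : "clear");
    printf("PROT_READ page executable: %d\n", read_implies_exec_observed());
    return 0;
}
```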