Testing wanted: execute-only on amd64

by

Author:
Source

Sponsored:

Working in Public: The Making and Maintenance of Open Source Software - Audiobook

Unlock the Digital Creator Code!

On the
tech@ mailing list,
Theo de Raadt (deraadt@)
has issued a
request for testing
of patch(es) for execute-only (xonly)
binaries on amd64.
The message is quite long, but well worth reading in its entirety
for those interested.
Selected highlights include:

Some of you have probably noticed activity about "xonly" happening
to a bunch of architectures.  First arm64, then riscv64, then hppa,
and ongoing efforts with octeon, sparc64 (sun4u only), and more of this
is going to come in the future.

Like past work decades ago (and I suppose continually also) on W^X, and
increasing use of c, the idea here is to have code (text segments)
not be readable.  Or in a more generic sense, if you mprotect a region
with only PROT_EXEC, it is not readable.
[…]

But most of us have amd64 machines.  Thrilling news:

Read more…

Read more

Related Posts: