Date: Thu, 6 Feb 2020 15:41:07 -0800
From: Ihor Antonov <ihor@antonovs.family>
To: freebsd-questions@freebsd.org
Subject: W^X in 13
Message-ID: <20200206234107.7lc2wcau4gdnjn7r@sea-ll-10936>
Hi everyone,

I was reading FreeBSD Journal [1], "Improving Memory Permissions in FreeBSD" by Brooks Davis, and the following paragraph intrigued me:

> FreeBSD does not currently support W^X, but work is in progress. The main
> difficulty has been implementing an appropriate framework for tagging
> binaries that must opt out and providing mechanisms to test opting in or out.
> We have now added a general mechanism (and ELF note) for setting opt-in and
> opt-out bits in binaries as well as flags in procctl which allow features to
> be enabled or disabled in a given execution of a program. We expect to have
> W^X available in FreeBSD 13 and hope to have it enabled by default (at least
> for new programs). The latter part will depend on our confidence in testing
> existing software.

FreeBSD is often criticised for lacking basic mitigation mechanisms, and having W^X in addition to ASLR is great news.

I tried to find more information on the topic, but so far I found [2] and [3] only. Where can I get more information about the ongoing W^X work? If you know something, please share!

[1] https://www.freebsdfoundation.org/past-issues/security-3/
[2] https://www.freebsd.org/news/status/report-2019-07-2019-09.html#Kernel-Mapping-Protections
[3] https://www.freebsd.org/news/status/report-2019-07-2019-09.html#PROT_MAX-mmap/mprotect-maximum-protections-API

Thanks!

------------
Ihor Antonov