another question - VM mappings
Oliver Pinter
oliver.pinter at hardenedbsd.org
Mon Apr 13 11:25:13 UTC 2015
Under amd64 exists an so called shared-page - similar to linux's vdso
mechanism - https://github.com/freebsd/freebsd/blob/master/sys/kern/kern_exec.c#L1045
.
This page is double mapped with user-space and with kernel. From
security reason it's only RO, otherwise, when mapped with RW or RWX,
then you could write kernel memory from user-space.
On Mon, Apr 13, 2015 at 9:31 AM, Wojciech Puchar <wojtek at puchar.net> wrote:
> below is mapping for very simple process (no libc etc)
>
> [wojtek at laptop ~]$ procstat -v 917
> PID START END PRT RES PRES REF SHD FL TP
> PATH
> 917 0x400000 0x401000 r-x 1 0 1 0 CN-- vn
> /home/wojtek/test/1
> 917 0x600000 0x601000 rw- 1 0 1 0 ---- df
> 917 0x7ffffffdf000 0x7ffffffff000 rw- 1 0 1 0 ---D df
> 917 0x7ffffffff000 0x800000000000 r-x 0 0 39 0 ---- ph
>
>
> what is "ph" mapping and why read&executable?
More information about the freebsd-hackers
mailing list