W^X in 13
Ihor Antonov
ihor at antonovs.family
Thu Feb 6 23:41:17 UTC 2020
Hi everyone
I was reading the FreeBSD Journal [1] article "Improving Memory Permissions in
FreeBSD" by Brooks Davis, and the following paragraph intrigued me:
> FreeBSD does not currently support W^X, but work is in progress. The main
> difficulty has been implementing an appropriate framework for tagging
> binaries that must opt out and providing mechanisms to test opting in or out. We
> have now added a general mechanism (and ELF note) for setting opt-in and
> opt-out bits in binaries as well as flags in procctl which allow features to
> be enabled or disabled in a given execution of a program. We expect to have
> W^X available in FreeBSD 13 and hope to have it enabled by default (at least
> for new programs). The latter part will depend on our confidence in testing
> existing software.
FreeBSD is often criticised for lacking basic mitigation mechanisms, and
having W^X in addition to ASLR is great news. I tried to find more
information on the topic, but so far I found [2] and [3] only.
Where can I get more information about the ongoing W^X work? If you know
something please share!
[1] https://www.freebsdfoundation.org/past-issues/security-3/
[2] https://www.freebsd.org/news/status/report-2019-07-2019-09.html#Kernel-Mapping-Protections
[3] https://www.freebsd.org/news/status/report-2019-07-2019-09.html#PROT_MAX-mmap/mprotect-maximum-protections-API
Thanks!
------------
Ihor Antonov