Kernel reports "3.0.6-1 SMP mod_unload 686 CONSTIFY_PLUGIN GRSEC ".
Is there any reason for placing CONSTIFY_PLUGIN in this magic string?
I mean why constified kernel shouldn't be able to load non-constified modules? (It should work fine, just no protection for modules - right?)
CONSTIFY_PLUGIN polluting magic string
3 posts
• Page 1 of 1
CONSTIFY_PLUGIN polluting magic string
by arekm » Fri Oct 14, 2011 7:10 am
- arekm
- Posts: 23
- Joined: Mon Mar 30, 2009 5:30 am
Re: CONSTIFY_PLUGIN polluting magic string
by PaX Team » Fri Oct 14, 2011 9:01 am
no, it would not work rightarekm wrote:I mean why constified kernel shouldn't be able to load non-constified modules? (It should work fine, just no protection for modules - right?)
. imagine that the external module tries to write to an ops structure that is writable under a normal kernel, but read-only on a constified kernel. if the module is compiled without the consitify plugin, you'll get a nice runtime oops when it actually tries to write to this ops structure vs. a compile time error when you can easily see what it's trying to do and patch it appropriately.- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
Re: CONSTIFY_PLUGIN polluting magic string
by arekm » Fri Oct 14, 2011 2:25 pm
Bad then, have to disable constify - patching external modules is too big pain :-/ Or drop constify from magic string and pray that external modules don't write in these places.
One way or another - it's a mess.
Upstream constify thing as soon as possible is a solution !
One way or another - it's a mess.
Upstream constify thing as soon as possible is a solution !
- arekm
- Posts: 23
- Joined: Mon Mar 30, 2009 5:30 am
3 posts
• Page 1 of 1