  • Mprotect stops any read and write and execute access to memory in both user and kernel lands (only rx or wx). Stuff like web browsers won’t work unless you have a program to mark it in ELF to not use PaX. However, this kills a lot of exploits with that turned on by itself (though there are probably workarounds if you are developing exploits which the other features would hopefully catch). That’s why people installed 3rd party unmainlined security patches, but that’s just me maybe idk.

    I am having a hard time following what this does or why this is desirable. You’re saying there’s a patch this thing provides that … disables memory access … unless a flag is set in an executable … which will then bypass the security?







  • I mean, vendor lock-in and lack of resiliency to a vendor-specific outage, maybe caused by some piece of their stack you have never nor will ever touch, or maybe the platform CEO decides your kind of company isn’t expedient for their business anymore, are among the reasons why a company should never have ended up in that situation in the first place.

    You can continue along that road of least resistance while ignoring all of the risks. That is up to you. You’ll probably be fine. (Not joking, you’ll be fine. But don’t pretend like this is all necessary.)