| Prev Next | Secure Lazy Binding | Slide #33 |
mark the mappings which kbind() is allowed to alter with a new mprotect() bit
mprotect(got_addr, got_len, PROT_READ | __PROT_KBIND)
kbind() verifies that that bit is set, else sigexit(SIGILL)
mark the GOT and PLT as not permitting further mprotect() changes
mprotect(got_addr, got_len, PROT_READ | __PROT_KBIND | __PROT_LOCKPROT)
kbind() can only change those pages; those pages can only be changed by kbind()
| EuroBSDCon 2014 | Copyright © 2014 Philip Guenther |