If sysctl vm.allow_wx = 0 then disallow prot with `PROT_WRITE` and `PROT_EXECUTE` both set, for mmap(2) and mprotect(2).
TODO: add support in procctl(2), proccontrol(1), and ELF tagging.

This is a naive implementation at the system call layer that enforces a restriction upon the application. We should move it at least one layer lower, but this can be used to identify and patch applications that create writable+executable mappings.