[pcre-dev] [Bug 1749] PCRE-JITted code should be executed fr…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Madmin at <-
Madmin at ->
Delete this message
Author: admin
Date:  
To: pcre-dev
Old-Topics: [pcre-dev] [Bug 1749] New: PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
Subject: [pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
https://bugs.exim.org/show_bug.cgi?id=1749

--- Comment #51 from Zoltan Herczeg <hzmester@???> ---
Yes, that is a very good point. SELinux is designed to prevent JIT compilation.

Probably the solution could be recompiling everything after a fork (remember
the JIT compiling options and do a compilation during exec). It could be a
counter: every time we do a fork the value is increased by one. If an executed
pattern has lower counter than the current one: recompile it. But that could
have side effects and constantly checking forks could be expensive.

It would be good to talk to a security expert, and discuss whether JIT
compiling is important on SELinux, or security > performance there.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Pcre-dev
Mailing List Info | Nearby Messages		<-[pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction[pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)