[pcre-dev] [Bug 1749] PCRE-JITted code should be executed fr…

Author: admin
Date:  
To: pcre-dev
Old Topics: [pcre-dev] [Bug 1749] New: PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
Subject: [pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
https://bugs.exim.org/show_bug.cgi?id=1749

--- Comment #51 from Zoltan Herczeg <hzmester@???> ---
Yes, that is a very good point. SELinux is designed to prevent JIT compilation.

Probably the solution could be recompiling everything after a fork (remember
the JIT compiling options and do a compilation during exec). It could be a
counter: every time we do a fork the value is increased by one. If an executed
pattern has a lower counter than the current one: recompile it. But that could
have side effects and constantly checking forks could be expensive.

It would be good to talk to a security expert, and discuss whether JIT
compiling is important on SELinux, or security > performance there.

--
You are receiving this mail because:
You are on the CC list for the bug.
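
The fork-counter idea from the comment above, as an added sketch that is not code from PCRE or from the bug thread: a process-wide counter is incremented in each child through pthread_atfork(), and a pattern whose stored counter is lower is recompiled before it runs. The struct jit_pattern type, the function names and the placeholder compile step are assumptions made for illustration.

```c
#include <pthread.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Process-wide fork counter: incremented in every child by the atfork hook. */
static unsigned long fork_counter = 0;
static int hook_installed = 0;

static void count_fork_in_child(void) { fork_counter++; }

/* Hypothetical stand-in for a JIT-compiled pattern (not a PCRE type). */
struct jit_pattern {
    int jit_options;          /* remembered so the pattern can be recompiled */
    unsigned long counter;    /* value of fork_counter at the last compile */
    unsigned compile_count;   /* how often this process image compiled it */
};

/* Placeholder compile step: real code would generate machine code here. */
static int jit_compile(struct jit_pattern *p, int jit_options)
{
    if (!hook_installed) {
        if (pthread_atfork(NULL, NULL, count_fork_in_child) != 0)
            return -1;
        hook_installed = 1;
    }
    p->jit_options = jit_options;
    p->counter = fork_counter;
    p->compile_count++;
    return 0;
}

/* Check before every execution; returns 1 if recompiled, 0 if not, -1 on error. */
static int jit_exec(struct jit_pattern *p)
{
    if (p->counter < fork_counter)
        return jit_compile(p, p->jit_options) == 0 ? 1 : -1;
    return 0;
}

/* Forks, runs the pattern in the child and returns 1 if the child recompiled. */
static int exec_in_forked_child(struct jit_pattern *p)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(jit_exec(p) == 1 ? 1 : 0);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

The sketch is single-threaded; a multi-threaded caller would need to synchronise access to the counter and to each pattern.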