noexec_user_stack should be a security-flag
In addition to being tuned globally via the noexec_user_stack kernel global (which is retained for compatibility). The control of stack executability fits neatly as a per-process security-flags (see #7029) and should be implemented as one.
Updated by Electric Monk about 4 years ago
- Status changed from In Progress to Closed
- % Done changed from 70 to 100
commit d2a70789f056fc6c9ce3ab047b52126d80b0e3da Author: Richard Lowe <firstname.lastname@example.org> Date: 2016-10-15T16:02:16.000Z 7029 want per-process exploit mitigation features (secflags) 7030 want basic address space layout randomization (ASLR) 7031 noexec_user_stack should be a security-flag 7032 want a means to forbid mappings around NULL Reviewed by: Robert Mustacchi <email@example.com> Reviewed by: Josef 'Jeff' Sipek <firstname.lastname@example.org> Reviewed by: Patrick Mooney <email@example.com> Approved by: Dan McDonald <firstname.lastname@example.org>