by gavinray 900 days ago
It's a bit wild, but you can use memfd_create to do things like load libraries or binaries, on a filesystem that has no read/write access and noexec enabled.

I have been meaning to do a blog post about this, since it doesn't seem to be common knowledge.

Originally, I thought of it as a response to a Reddit question: "How can I load a shared library from a .jar directly into memory?"

https://old.reddit.com/r/java/comments/15lcwil/load_shared_l...

1 comment

> on a filesystem that has...

memfd_create's whole selling point is that it isn't backed by a filesystem; it isn't "on" one in the first place, so there is nowhere for it to inherit such restrictions from. The consequences of that can be surprising though, I agree, and are worth exploring and writing about.
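
A defender's view of the behaviour discussed in this thread, as an added example that is not part of either comment: because a memfd is not backed by a filesystem, mount options such as noexec do not show it, but `/proc/<pid>/maps` does, since the kernel labels such mappings `/memfd:<name> (deleted)`. The sample maps text and the names `memfd_exec_mappings` and `scan_proc` are constructed for illustration.

```python
import os
import re

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional pathname.
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$"
)

# Constructed sample, not captured from a real host.
SAMPLE_MAPS = """\
55d0c7a00000-55d0c7a02000 r-xp 00000000 08:01 131090 /usr/bin/cat
7f3a10000000-7f3a10021000 rw-p 00000000 00:00 0
7f3a2c400000-7f3a2c428000 r--p 00000000 00:01 40961 /memfd:libdemo (deleted)
7f3a2c428000-7f3a2c5bd000 r-xp 00028000 00:01 40961 /memfd:libdemo (deleted)
7f3a2c600000-7f3a2c700000 rw-s 00000000 00:01 40970 /memfd:shm-buffer (deleted)
7ffd5e1f0000-7ffd5e211000 rw-p 00000000 00:00 0 [stack]
"""

def memfd_exec_mappings(maps_text):
    """Return (start, end, perms, name) for executable memfd-backed mappings."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        start, end, perms, _off, _dev, _inode, path = m.groups()
        # Data-only memfds (shared buffers) are common; only flag executable ones.
        if path.startswith("/memfd:") and "x" in perms:
            name = path[len("/memfd:"):].removesuffix(" (deleted)")
            hits.append((int(start, 16), int(end, 16), perms, name))
    return hits

def scan_proc(proc_root="/proc"):
    """Scan live processes; unreadable or already-exited PIDs are skipped."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(f"{proc_root}/{pid}/maps") as fh:
                hits = memfd_exec_mappings(fh.read())
        except OSError:
            continue
        if hits:
            findings[int(pid)] = hits
    return findings

if __name__ == "__main__":
    for hit in memfd_exec_mappings(SAMPLE_MAPS):
        print(hit)
```

Some legitimate software also maps executable memfds, so baseline a host with `scan_proc()` before alerting on hits.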