by sdht0
752 days ago
Thanks! Another important bit:
> sealing changes the lifetime of a mapping, i.e. the sealed mapping won’t be unmapped till the process terminates or the exec system call is invoked. Applications can apply sealing to any virtual memory region from userspace, but it is crucial to thoroughly analyze the mapping’s lifetime prior to apply the sealing.
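Added example, not part of the comment above or of the documentation it quotes: a C check of the lifetime change, showing that once a page is sealed, mprotect() and munmap() on it fail with EPERM and the mapping stays in place. It assumes Linux 6.10 or later on a 64-bit architecture and calls the raw syscall (number 462) because libc may not ship a wrapper; the function and result-code names are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* assumption: Linux 6.10+, 64-bit architectures only */
#endif

/* Hypothetical result codes for this example. */
enum { SEAL_SETUP_FAILED = -1, SEAL_UNAVAILABLE = 0, SEAL_ENFORCED = 1, SEAL_NOT_ENFORCED = 2 };

/* Seal one anonymous page, then try to change its protection and unmap it. */
int check_seal_lifetime(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_SETUP_FAILED;

    /* flags must be 0; failure means an old kernel, 32-bit, or a syscall filter */
    if (syscall(__NR_mseal, p, len, 0UL) != 0) {
        munmap(p, len);
        return SEAL_UNAVAILABLE;
    }

    int blocked = 0;
    errno = 0;
    if (mprotect(p, len, PROT_READ) == -1 && errno == EPERM)
        blocked++;                 /* protection change refused */
    errno = 0;
    if (munmap(p, len) == -1 && errno == EPERM)
        blocked++;                 /* unmap refused: region lives until exit/exec */

    if (blocked == 2)
        p[0] = 1;                  /* page is still mapped and writable */
    return blocked == 2 ? SEAL_ENFORCED : SEAL_NOT_ENFORCED;
}

int main(void)
{
    int r = check_seal_lifetime();
    printf("result=%d (1 = sealed mapping could not be changed or unmapped)\n", r);
    return r == SEAL_NOT_ENFORCED;
}
```

The sealed page is never released by this program, which is the behaviour the quoted passage warns about: an allocator or runtime that seals a region it later expects to free will see those frees fail.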
Are there libraries for handling this yet?
> IIRC, with CPython the NX bit doesn't work when any imported C extension has nested functions / trampolines
How should CPython support the mseal() syscall?