On 13/08/2019 at 14:06, waddlesplash wrote:
On Tue, Aug 13, 2019, 4:20 AM Axel Dörfler <axeld@xxxxxxxxxxxxxxxx> wrote:
> > 8a0c9d52c629: OS: Rename B_USER_CLONEABLE_AREA to B_CLONEABLE_AREA.
> What's the point of this? For shared memory you now need this flag, but
> it doesn't really improve security at all.
This makes it impossible for e.g. an application to clone the heap areas of another application and, say, steal passwords, among many other things. So I'm not sure what you mean here.
> What we'd need is to specify who can clone this area -- but doing so
> would already imply that one wants it cloneable in the first place.
Yes, that would be the next step; but it would be pretty involved so I have no plans to do it in the near future; the syscalls audit is probably more significant for now.