
I'm trying to understand how programs can be isolated and secured.

Are there any valid cases when processes should require `PROT_WRITE | PROT_EXEC` on a memory page? Can this be avoided?

This seems like the opposite of the things the NX bit or W^X or DEP were trying to achieve.

LibreOffice seems to be using this and creating a whole lot of trouble on hardened Linux.

https://github.com/nning/linux-pax-flags/pull/3

staticd

1 Answer


That situation is only required when you are writing what amounts to a loader -- something that will be bringing in additional code on demand using its own mechanisms -- or a JIT compiler, or one of the VERY few other legitimate situations in which an application should be allowed to modify its own code. Even there, what's often done is to control the duration of those permissions, having the page only be writable when it's being loaded then switching it to only being executable so it can't be stepped on thereafter.

I have no insight into why LibreOffice might think it needs this capability. You'd have to take that up with its developer community.

keshlam
  • Probably for loading plugins or running its macro stuff or something... But I'd agree there are probably better ways to do whatever it is that the permissions are required for... – twalberg Feb 28 '14 at 15:22