Subject: Re: PROT_EXEC mappings of vnodes -> VTEXT
To: Bill Studenmund <wrstuden@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 10/30/2001 11:22:12
On Sun, Oct 28, 2001 at 03:28:49PM -0800, Bill Studenmund wrote:
> 
> This idea matches one I had.
> 
> But I think we should take a step back. The goal of this thread was mainly
> to stop libc from getting paged out (or more specifically so that libs get
> counted as program pages, not random data). We aren't the first OS to face
> this, and the others (ALL the others AFAICT) seem to have not needed to
> mark their shared libraries as executable. So how did they do it, and why
> shouldn't we do things that way?

Sometimes it's the case that when you start looking at one problem hard
enough, you notice another one.  I don't agree that it's correct to just
pretend that the second problem doesn't exist because it wasn't the one
you were originally looking at.

In this case, the second problem is "files containing program text
shouldn't be able to be written while the program's executing, yet we
don't want users to be able to make arbitrary files unwritable".  The
compromise solution I proposed can solve that problem -- while also allowing
us to continue to use VTEXT to solve the original problem.  I haven't seen
any other concrete proposal that can do that.

Many other UNIX variants demonstrably get it wrong, either by letting you
make files unwritable by mmapping them PROT_EXEC, or by letting you crash
running executables by overwriting their shared libraries.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron