Subject: Re: mmap(), security and /dev/zero
To: David Laight <david@l8s.co.uk>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 06/23/2004 16:31:27
On Wed, Jun 23, 2004 at 09:24:48PM +0100, David Laight wrote:
> > "Not exactly".  I believe we decided to not require the x bit on files
> > backing executable mappings, because this would be a painful user-visible
> > change (every shared object on the system would require x added to its
> > permissions).
> 
> Yes - if 'x' were required then the shell (etc.) would try to execute them...
> Requiring 'x' basically gives little or no (obvious) benefit, and a lot
> of problems.

From your point of view.  From my point of view, requiring execute permission
on any file backing an executable mapping would give an enormous security
benefit; it would, for example, allow one to ensure that code could never
be executed from any writable file system.

I'll note that I'm not the only one who seems to think this; several other
people who have looked at building small, hardened NetBSD systems have
proposed the same thing, and HP-UX actually does it.

Thor
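As an added illustration (not code from this thread or from NetBSD): a small C probe that checks whether the running kernel grants PROT_EXEC on a file with no execute bit, beside a hypothetical user-space wrapper that enforces the rule Thor argues for. The names mapper_fn, mode_permits_exec_mapping, mmap_exec_checked and exec_map_attempt are my own; treating any of the user/group/other x bits as sufficient is an assumption.

```c
#define _DEFAULT_SOURCE 1                     /* mkstemp, ftruncate, sysconf */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void *(*mapper_fn)(void *, size_t, int, int, int, off_t);

/* The rule under discussion: a file may back a PROT_EXEC mapping only if it
 * carries an execute bit (assumption here: any of the user/group/other x bits). */
int mode_permits_exec_mapping(mode_t mode)
{
    return (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
}

/* Hypothetical user-space wrapper (not a NetBSD interface) that enforces the
 * rule in front of the real mmap(): refuses PROT_EXEC on a non-x file with EACCES. */
void *mmap_exec_checked(void *addr, size_t len, int prot, int flags, int fd, off_t off)
{
    struct stat st;
    if ((prot & PROT_EXEC) && fstat(fd, &st) == 0 &&
        !mode_permits_exec_mapping(st.st_mode)) {
        errno = EACCES;
        return MAP_FAILED;
    }
    return mmap(addr, len, prot, flags, fd, off);
}

/* Create a mode-0600 (no x bit) scratch file and try to map one page of it
 * PROT_READ|PROT_EXEC through `map`.  Returns 1 if the mapping was granted,
 * 0 if refused, -1 on setup failure.  map == mmap probes the running kernel's
 * own policy; map == mmap_exec_checked shows what enforcement looks like. */
int exec_map_attempt(const char *dir, mapper_fn map)
{
    char path[4096];
    if (!dir) dir = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    snprintf(path, sizeof path, "%s/mmapx.XXXXXX", dir);
    int fd = mkstemp(path);                   /* mkstemp creates the file 0600 */
    if (fd == -1) return -1;
    unlink(path);                             /* keep only the descriptor */
    long pg = sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, pg) == -1) { close(fd); return -1; }
    void *p = map(NULL, (size_t)pg, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    int granted = (p != MAP_FAILED);
    if (granted) munmap(p, (size_t)pg);
    close(fd);
    return granted;
}
```

Calling exec_map_attempt(NULL, mmap) reports the kernel's own policy for the scratch directory (1 where a non-x file can be mapped executable, 0 where it cannot, e.g. on a noexec mount), while exec_map_attempt(NULL, mmap_exec_checked) always reports 0 because the wrapper refuses the mapping.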