Subject: Re: mmap(), security and /dev/zero
To: David Laight <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 06/23/2004 16:31:27
On Wed, Jun 23, 2004 at 09:24:48PM +0100, David Laight wrote:
> > "Not exactly". I believe we decided to not require the x bit on files
> > backing executable mappings, because this would be a painful user-visible
> > change (every shared object on the system would require x added to its
> > permissions).
> Yes - If 'x' were required then the shell (etc) will try to execute them.....
> Requiring 'x' basically gives little or no (obvious) benefits, and a lot
> of problems.
From your point of view. From my point of view, requiring execute permission
on any file backing an executable mapping would give an enormous security
benefit; it would, for example, allow one to ensure that code could never
be executed from any writable file system.
I'll note that I'm not the only one who seems to think this; several other
people who have looked at building small, hardened NetBSD systems have
proposed the same thing; and HP/UX actually does it.