Subject: re: mmap(), security and /dev/zero
To: Curt Sampson <email@example.com>
From: matthew green <firstname.lastname@example.org>
Date: 06/24/2004 14:11:20
> From your point of view. From my point of view, requiring execute
> permission on any file backing an executable mapping would give an
> enormous security benefit; it would, for example, allow one to ensure
> that code could never be executed from any writable file system.
Doesn't the noexec flag allow you to do this already?
that's what i thought. i didn't follow thor's point anyway, if
the file system is writable what is stopping me from adding the
'x' bit ?
to jonathan: a x-bit-required-for-PROT_EXEC change needs a lot
of 'settle time' in -current. not for 2.0.