Subject: Re: mmap(), security and /dev/zero
To: matthew green <>
From: Daniel Carosone <>
List: tech-kern
Date: 06/24/2004 14:15:59
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Jun 24, 2004 at 02:11:20PM +1000, matthew green wrote:
> that's what i thought.  i didn't follow thor's point anyway,  if
> the file system is writable what is stopping me from adding the
> 'x' bit ?

you can set it, but it should be ignored if the fs is mounted noexec;
just like you can mknod on a nodev-mounted fs, but it won't make the
device accessible.

at the moment, it's only ignored for execve, not PROT_EXEC mappings,
which is the point/problem.

> to jonathan:  a x-bit-required-for-PROT_EXEC change needs a lot
> of 'settle time' in -current.  not for 2.0.

alas, too true.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.4 (NetBSD)