Subject: Re: mmap(), security and /dev/zero
To: matthew green <mrg@eterna.com.au>
From: Daniel Carosone <dan@geek.com.au>
List: tech-kern
Date: 06/24/2004 14:15:59
--kfjH4zxOES6UT95V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Jun 24, 2004 at 02:11:20PM +1000, matthew green wrote:
> that's what i thought. i didn't follow thor's point anyway, if
> the file system is writable what is stopping me from adding the
> 'x' bit ?
you can set it, but it should be ignored if the fs is mounted noexec;
just like you can mknod on a nodev-mounted fs, but it won't make the
device accessible.
at the moment, it's only ignored for execve, not PROT_EXEC mappings,
which is the point/problem.
> to jonathan: a x-bit-required-for-PROT_EXEC change needs a lot
> of 'settle time' in -current. not for 2.0.
alas, too true.
--
Dan.
--kfjH4zxOES6UT95V
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)
iD8DBQFA2lV/EAVxvV4N66cRAp9bAKDwpr5lhsA1skMeWk6lamC3CFyTngCg27Lf
+4VDtwti15OWMmJLM0+kLLM=
=EHJe
-----END PGP SIGNATURE-----
--kfjH4zxOES6UT95V--