Subject: Re: mmap(), security and /dev/zero
To: matthew green <mrg@eterna.com.au>
From: Daniel Carosone <dan@geek.com.au>
List: tech-kern
Date: 06/24/2004 14:15:59
--kfjH4zxOES6UT95V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Jun 24, 2004 at 02:11:20PM +1000, matthew green wrote:
> that's what i thought.  i didn't follow thor's point anyway,  if
> the file system is writable what is stopping me from adding the
> 'x' bit ?

you can set it, but it should be ignored if the fs is mounted noexec;
just like you can mknod on a nodev-mounted fs, but it won't make the
device accessible.

at the moment, it's only ignored for execve, not PROT_EXEC mappings,
which is the point/problem.

> to jonathan:  a x-bit-required-for-PROT_EXEC change needs a lot
> of 'settle time' in -current.  not for 2.0.

alas, too true.

--
Dan.
--kfjH4zxOES6UT95V
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFA2lV/EAVxvV4N66cRAp9bAKDwpr5lhsA1skMeWk6lamC3CFyTngCg27Lf
+4VDtwti15OWMmJLM0+kLLM=
=EHJe
-----END PGP SIGNATURE-----

--kfjH4zxOES6UT95V--