Subject: Re: mmap(), security and /dev/zero
To: Matt Thomas <>
From: David Laight <>
List: tech-kern
Date: 06/24/2004 21:27:48
On Thu, Jun 24, 2004 at 10:00:14AM -0700, Matt Thomas wrote:
> On Jun 24, 2004, at 1:58 AM, Alan Barrett wrote:
> >How does the following compromise sound?
> >
> >        shlibs must be in files that have "r" permission.
> >        shlibs must be on file systems that honour "x" permission
> >                (that is, were not mounted with the noexec option).
> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec.  Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.

What do we do about code that optimises certain loops by generating
assembler on the fly - as might well be done for graphics bit-blitzing?


David Laight: