Subject: Re: mmap(), security and /dev/zero
To: Bill Studenmund <>
From: Andrew Brown <>
List: tech-kern
Date: 06/25/2004 08:41:31
On Thu, Jun 24, 2004 at 12:19:51PM -0700, Bill Studenmund wrote:
>On Thu, Jun 24, 2004 at 10:58:54AM +0200, Alan Barrett wrote:
>> How does the following compromise sound?
>>         shlibs must be in files that have "r" permission.
>>         shlibs must be on file systems that honour "x" permission
>>                 (that is, were not mounted with the noexec option).
>I think that sounds quite reasonable. And I don't think it'd be too hard 
>to implement.

i think this is the already case, given:

    (1) you must be able to read a file to open it, which you must do
        in order to mmap it

    (2) this code from src/sys/uvm:uvm_mmap()

                 * Don't allow mmap for EXEC if the file system
                 * is mounted NOEXEC.
                if ((prot & PROT_EXEC) != 0 &&
                    (vp->v_mount->mnt_flag & MNT_NOEXEC) != 0)
                        return (EACCES);

    (3) this code from src/sys/uvm/uvm_map.c:uvm_map_protect()

                 * Don't allow VM_PROT_EXECUTE to be set on entries that
                 * point to vnodes that are associated with a NOEXEC file
                 * system.
                if (UVM_ET_ISOBJ(current) &&
                    UVM_OBJ_IS_VNODE(current->object.uvm_obj)) {
                        struct vnode *vp =
                            (struct vnode *) current->object.uvm_obj;

                        if ((new_prot & VM_PROT_EXECUTE) != 0 &&
                            (vp->v_mount->mnt_flag & MNT_NOEXEC) != 0) {
                                error = EACCES;
                                goto out;

the only thing that's *not* covered, afaict, is filesystems that get
remounted (ie, mount -u) with/without noexec.  the transition between
those two states doesn't affect anything that's already got executable

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."