Subject: Re: more on non-executable mappings vs. emulations
To: None <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 07/27/2004 13:46:05
On Sun, Jul 18, 2004 at 11:11:29PM -0700, Chuck Silvers wrote:
> On Sun, Jul 18, 2004 at 09:56:29PM +0200, Emmanuel Dreyfus wrote:
> > >> I agree that we should not make kernels insecure by default in order
> > >> to please broken emulations. On the other hand, we should document
> > >> and explain why emulations break and provide a sysctl to let broken
> > >> emulated programs run until we supply the tools you mention above.
> > >> This sysctl should default to "off" and users should be strongly
> > >> cautioned against turning it "on".
> > > well, the tools will be much easier to write than the sysctl, so I'm only
> > > going to do the tools. I'd prefer that the sysctl thing never actually be
> > > done, since it opens a big can of worms.
> > On the other hand, the sysctl is the right fix.
> actually, the right fix is for the applications in question to not assume
> that mapped data is executable if they haven't explicitly requested it.
Just to reemphasize this, the "patch it" solution actually causes the
modified executable to work as originally intended: the sections actually
containing executable code are mapped executable, and the others are not.
The "sysctl" solution simply unilaterally *disables an important security
feature* for *all* executables running in the emulation in question, *even
those that aren't actually buggy so as to require patching*.
That doesn't seem like a very good solution to me. In fact, it seems at
least as problematic as the patching one, just in a different way.