Subject: Re: mmap(), security and /dev/zero
To: Thor Lancelot Simon <>
From: Todd Vierling <>
List: tech-security
Date: 06/23/2004 16:45:55
On Wed, 23 Jun 2004, Thor Lancelot Simon wrote:

> From your point of view.  From my point of view, requiring execute permission
> on any file backing an executable mapping would give an enormous security
> benefit; it would, for example, allow one to ensure that code could never
> be executed from any writable file system.
> I'll note that I'm not the only one who seems to think this; several other
> people who have looked at building small, hardened NetBSD systems have
> proposed the same thing; and HP/UX actually does it.

Not that it matters much, but Interix enforces this too (for precisely this
security point), which is why I've had to go fix a bunch of things in pkgsrc
to obey that constraint -- changing $(INSTALL) to the new $(INSTALL_LIB).

-- Todd Vierling <> <>