Subject: Re: mmap(), security and /dev/zero
To: David Laight <>
From: Jonathan Stone <>
List: tech-security
Date: 06/23/2004 16:31:45
In message <>,
David Laight writes:

>> "Not exactly".  I believe we decided to not require the x bit on files
>> backing executable mappings, because this would be a painful user-visible
>> change (every shared object on the system would require x added to its
>> permissions).
>Yes - If 'x' were required then the shell (etc) will try to execute them.....

I'd contend that anyone silly enough to put /lib or /usr/lib on their
shell's execute path deserves what they get.

>Requiring 'x' basically gives little or no (obvious) benefits, and a lot
>of problems.

For you, perhaps. For those of us who try to build hardened systems,
thats... well, speaking personally, I'd really like to see ``+x
required for executable mmap'' make it into 2.0.  As a config-time
option, maybe, but there.