Subject: re: mmap(), security and /dev/zero
To: Curt Sampson <>
From: matthew green <>
List: tech-security
Date: 06/24/2004 14:11:20
   > From your point of view. From my point of view, requiring execute
   > permission on any file backing an executable mapping would give an
   > enormous security benefit; it would, for example, allow one to ensure
   > that code could never be executed from any writable file system.
   Doesn't the noexec flag allow you to do this already?

that's what i thought.  i didn't follow thor's point anyway,  if
the file system is writable what is stopping me from adding the
'x' bit ?

to jonathan:  a x-bit-required-for-PROT_EXEC change needs a lot
of 'settle time' in -current.  not for 2.0.