Subject: Re: mmap(), security and /dev/zero
To: Matt Thomas <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 06/24/2004 21:27:48
On Thu, Jun 24, 2004 at 10:00:14AM -0700, Matt Thomas wrote:
> On Jun 24, 2004, at 1:58 AM, Alan Barrett wrote:
> >How does the following compromise sound?
> > shlibs must be in files that have "r" permission.
> > shlibs must be on file systems that honour "x" permission
> > (that is, were not mounted with the noexec option).
> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec. Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.
What do we do about code that optimises certain loops by generating
assembler on the fly - as might well be done for graphics bit-blitzing?
David Laight: email@example.com