Date: Tue, 14 Feb 2017 10:42:23 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-fs@FreeBSD.org
Subject: [Bug 217062] for file systems mounted with -o noexec, exec=off property does not work for mmap
Message-ID: <bug-217062-3630-zzADqpyv6y@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-217062-3630@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217062

--- Comment #3 from shamaz.mazum@gmail.com ---
Created attachment 179980
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=179980&action=edit
Minimal test

(In reply to Konstantin Belousov from comment #2)

Oh, I thought noexec means complete 100% protection from any execution ;)

But I have some doubts. What does the following code mean in
sys/kern/vfs_vnops.c?

	/*
	 * Ensure that file and memory protections are
	 * compatible.  Note that we only worry about
	 * writability if mapping is shared; in this case,
	 * current and max prot are dictated by the open file.
	 * XXX use the vnode instead?  Problem is: what
	 * credentials do we use for determination? What if
	 * proc does a setuid?
	 */
	mp = vp->v_mount;
	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
		maxprot = VM_PROT_NONE;
	else
		maxprot = VM_PROT_EXECUTE;
	if ((fp->f_flag & FREAD) != 0)
		maxprot |= VM_PROT_READ;
	else if ((prot & VM_PROT_READ) != 0)
		return (EACCES);

The source is the vn_map() function in src/sys/kern/vfs_vnops.c

A minimal test as you asked. Compile it and launch it with any file on a
no-exec filesystem as its only argument. It tries to do mmap() and mprotect()
and returns the results.

-- 
You are receiving this mail because:
You are the assignee for the bug.
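
The probe described in the comment above can be sketched as follows. This is an added example, not attachment 179980 and not code from the bug report; the helper name probe_exec_mapping() and the result struct are assumptions. It requests PROT_EXEC both directly through mmap() and afterwards through mprotect(), and records the errno of each step so the two paths can be compared on a noexec mount.

```c
/* Added example (not attachment 179980): probe how the kernel treats
 * executable mappings of a file, e.g. one on a noexec mount. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Each field: 0 = allowed, errno value = refused, -1 = step not reached. */
struct probe_result {
	int open_err;      /* open(O_RDONLY) */
	int map_exec_err;  /* mmap(PROT_READ | PROT_EXEC) */
	int map_read_err;  /* mmap(PROT_READ) */
	int mprotect_err;  /* mprotect(PROT_READ | PROT_EXEC) on that mapping */
};

/* probe_exec_mapping() is a hypothetical helper name. */
static struct probe_result
probe_exec_mapping(const char *path)
{
	struct probe_result r = { -1, -1, -1, -1 };
	size_t len = (size_t)sysconf(_SC_PAGESIZE);
	void *p;
	int fd = open(path, O_RDONLY);

	r.open_err = (fd == -1) ? errno : 0;
	if (fd == -1)
		return (r);
	/* 1. Request an executable mapping up front. */
	p = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
	r.map_exec_err = (p == MAP_FAILED) ? errno : 0;
	if (p != MAP_FAILED)
		munmap(p, len);
	/* 2. Map read-only, then try to add PROT_EXEC afterwards. */
	p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
	r.map_read_err = (p == MAP_FAILED) ? errno : 0;
	if (p != MAP_FAILED) {
		r.mprotect_err = mprotect(p, len, PROT_READ | PROT_EXEC) ? errno : 0;
		munmap(p, len);
	}
	close(fd);
	return (r);
}

int
main(int argc, char **argv)
{
	struct probe_result r = probe_exec_mapping(argc > 1 ? argv[1] : "");
	printf("open=%d mmap(R|X)=%d mmap(R)=%d mprotect(R|X)=%d\n",
	    r.open_err, r.map_exec_err, r.map_read_err, r.mprotect_err);
	return (r.open_err != 0);
}
```

A mount that enforces noexec for mappings shows a nonzero errno in both the mmap(R|X) and mprotect(R|X) fields; a 0 in either field means that path still yields an executable mapping.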
