Date: Tue, 13 Apr 2004 22:23:12 -0700
From: "David G. Lawrence"
To: "Mark W. Krentel"
cc: freebsd-bugs@FreeBSD.org
Subject: Re: kern/64573: mmap with PROT_NONE, but still could be read
Message-ID: <20040414052312.GB2439@nexus.dglawrence.com>
In-Reply-To: <200404140441.i3E4fNaK038974@blue.mwk.domain>
References: <20040414034342.GA2439@nexus.dglawrence.com> <200404140441.i3E4fNaK038974@blue.mwk.domain>

> > Why would anyone want to mmap a file with PROT_NONE?
>
> The same reason you're allowed to create a file with mode 000. The
> OS doesn't make value judgements about your program. If you ask for
> PROT_NONE, then you're supposed to get PROT_NONE.

That's a pretty weak argument. Files with mode 000 are still readable by root and the mode can be changed later to make the file more useful. You can't really say the same thing about mmap PROT_NONE.

The reason I'm asking the question isn't because I'm trying to be a PITA. I'm asking this because it helps determine if the bug is in the kernel or if the bug is in the documentation.

PROT_NONE (actually VM_PROT_NONE) is a protection that is used internally in the kernel for removing mappings from address spaces. The fact that it is exported as part of the mmap syscall API seems more than a little weird to me. I suspect that it is there for use with the mprotect() syscall (which is obviously useful), and not for mmap().

I don't know what the relevant standards specifications say about mmap() protections. If PROT_NONE is defined for use with mmap() and it is required that it make an unuseful mapping, then I'd be all for your suggested changes in order to be standards compliant.

> The same bug happens mmap()-ing a file with PROT_WRITE, you still get
> read access. In this case, PROT_NONE was just the simplest way to
> demonstrate the bug.

Actually that's a different case since many architectures don't support write-only regions, so a PROT_WRITE mapping implies PROT_READ in those cases.

-DG

David G. Lawrence
President
Download Technologies, Inc. - http://www.downloadtech.com - (866) 399 8500
TeraSolutions, Inc. - http://www.terasolutions.com - (888) 346 7175
The FreeBSD Project - http://www.freebsd.org
Pave the road of life with opportunities.
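
A small probe for the behaviour discussed in this message, added here as an example and not part of the original e-mail or of the FreeBSD source: it maps a scratch file with a given protection and lets a child process attempt a read, so a fault appears as the child not exiting cleanly. The name `probe_read` and the scratch file path are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map one page of a scratch file with protection `prot` and try to read it
 * from a child process (hypothetical helper, not a system API).
 * Returns 1 if the read completed, 0 if it did not (the child faulted),
 * -1 if the scratch file or the mapping could not be set up. */
int probe_read(int prot)
{
    char path[] = "/tmp/protprobeXXXXXX";      /* constructed scratch file */
    int fd = mkstemp(path);                    /* opened O_RDWR */
    if (fd < 0)
        return -1;
    unlink(path);

    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    if (write(fd, "x", 1) != 1 || ftruncate(fd, (off_t)pagesz) != 0) {
        close(fd);
        return -1;
    }
    volatile char *p = mmap(NULL, pagesz, prot, MAP_SHARED, fd, 0);
    close(fd);
    if (p == MAP_FAILED)
        return -1;

    pid_t pid = fork();
    if (pid == 0)                              /* child: the read under test */
        _exit(p[0] == 'x' ? 0 : 1);            /* faults if page unreadable */

    int status = -1;
    if (pid > 0)
        waitpid(pid, &status, 0);
    munmap((void *)p, pagesz);
    if (pid < 0)
        return -1;
    /* Only a clean exit means the byte was read through the mapping. */
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}

int main(void)
{
    printf("PROT_NONE  readable: %d\n", probe_read(PROT_NONE));
    printf("PROT_WRITE readable: %d\n", probe_read(PROT_WRITE));
    printf("PROT_READ  readable: %d\n", probe_read(PROT_READ));
    return 0;
}
```

A result of 1 for `PROT_NONE` is the behaviour the bug report describes; a result of 1 for `PROT_WRITE` is expected on architectures without write-only pages, as the last paragraph of the message explains.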