From owner-freebsd-bugs@FreeBSD.ORG Wed Apr 14 17:32:25 2004
Message-Id: <200404150032.i3F0WUaK040793@blue.mwk.domain>
To: "David G. Lawrence", "Gregory Bond"
In-Reply-To: Your message of "Tue, 13 Apr 2004 22:23:12 PDT." <20040414052312.GB2439@nexus.dglawrence.com>
Date: Wed, 14 Apr 2004 20:32:30 -0400
From: "Mark W. Krentel"
cc: freebsd-bugs@FreeBSD.org
Subject: Re: kern/64573: mmap with PROT_NONE, but still could be read

As I understand it, mmap() is required to support the PROT_NONE request and its #define'd constant. Whether or not the OS can satisfy that request depends, in part, on hardware. Quoting IEEE Std 1003.1:

    If an implementation cannot support the combination of access types specified by prot, the call to mmap() shall fail.
    ...
    If the Memory Protection option is supported, the implementation shall not permit a write to succeed where PROT_WRITE has not been set or shall not permit any access where PROT_NONE alone has been set. The implementation shall support at least the following values of prot: PROT_NONE, PROT_READ, PROT_WRITE, and the bitwise-inclusive OR of PROT_READ and PROT_WRITE.

See: http://www.opengroup.org/onlinepubs/007904975/functions/mmap.html

So, you can always ask for PROT_NONE, or any other odd combination of options. But if prot specifies some combination that the hardware or OS can't support, then the syscall is supposed to fail.

The same bug in kern/64573 also happens with madvise(). Calling madvise(..., MADV_WILLNEED) always adds read access as an undocumented side effect.

> Files with mode 000 are still readable by root and the mode can be
> changed later to make the file more useful. You can't really say the
> same thing about mmap PROT_NONE.

Sure you can. As long as the protection was included in open(), you can increase it with mprotect().

> Is it even possible to implement PROT_WRITE&~PROT_READ or PROT_NONE on i386?

On the P2 and P3 that I tested on, I was able to achieve all four combinations of read/write access or not. I guess I didn't try exec. But you're absolutely right that this varies by hardware. Maybe mmap() should be patched with some #ifdef's to account for these differences in architecture.

--Mark
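A small conformance probe for the behaviour discussed in this message, added here as an example and not taken from the thread or from the PR: it checks whether a PROT_NONE page can be read right after mmap(), again after madvise(MADV_WILLNEED), and after mprotect() raises the protection to PROT_READ. It assumes an anonymous private mapping (the PR may have involved a file mapping); the names `can_read` and `probe_prot_none` are made up for this example.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Return 1 if a one-byte read at p succeeds, 0 if it raises SIGSEGV/SIGBUS. */
static int can_read(const volatile char *p)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_jmp, 1) == 0) {   /* savemask=1: mask restored on jump */
        char c = *p;                      /* the probed access */
        (void)c;
        ok = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);  /* put the previous handlers back */
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Bitmask of when the page was readable: 1 = right after mmap(PROT_NONE),
 * 2 = after madvise(MADV_WILLNEED), 4 = after mprotect(PROT_READ).
 * 4 means PROT_NONE was enforced throughout; -1 means mmap() failed. */
int probe_prot_none(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    /* Assumption: anonymous private mapping, so no open() mode is involved. */
    char *p = mmap(NULL, len, PROT_NONE, MAP_PRIVATE | MAP_ANON, -1, 0);
    int r = 0;
    if (p == MAP_FAILED) return -1;
    r |= can_read(p);
    (void)madvise(p, len, MADV_WILLNEED); /* return value varies by OS */
    r |= can_read(p) << 1;
    if (mprotect(p, len, PROT_READ) == 0)
        r |= can_read(p) << 2;
    munmap(p, len);
    return r;
}

int main(void) { printf("readable mask: %d\n", probe_prot_none()); return 0; }
```

A result with bit 1 or bit 2 set means the system granted read access that was never requested, which is the symptom reported in kern/64573.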