From: "Mark W. Krentel"
To: freebsd-bugs@FreeBSD.org
Date: Thu, 15 Apr 2004 02:12:22 -0400
Subject: Re: kern/64573: mmap with PROT_NONE, but still could be read
Message-Id: <200404150612.i3F6CMaK041191@blue.mwk.domain>

I'm concerned that my previous message was misleading, so let me clarify one point. IEEE Std 1003.1-2003 on mmap() does say:

    If an implementation cannot support the combination of access types
    specified by prot, the call to mmap() shall fail.

But that doesn't mean that if the OS can't support the precise combination of protection options that mmap() must fail. mmap() may add other access beyond what is requested.
In the RATIONALE section, two cases are handled explicitly: implementations are required to disallow write access to mappings without write permission and to disallow access to mappings without any access permission. But in general:

    Other than these restrictions, implementations may allow access
    types other than those requested by the application.  For example,
    if the application requests only PROT_WRITE, the implementation
    may also allow read access.

See: http://www.opengroup.org/onlinepubs/007904975/functions/mmap.html

So, to summarize: (1) the OS must allow all access that is explicitly requested, (2) it may add extra access, except (3) it must not allow write access without PROT_WRITE and it must disallow all access if PROT_NONE is given alone. And if it can't do that, then mmap() should fail.

Sorry if my previous message was unclear or misleading.

--Mark