From owner-cvs-all  Fri Feb  5 13:05:12 1999
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA01472
          for cvs-all-outgoing; Fri, 5 Feb 1999 13:05:12 -0800 (PST)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA01459
          for <committers@FreeBSD.ORG>; Fri, 5 Feb 1999 13:05:09 -0800 (PST)
          (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.2/8.9.1) id NAA99296;
	Fri, 5 Feb 1999 13:05:03 -0800 (PST)
	(envelope-from dillon)
Date: Fri, 5 Feb 1999 13:05:03 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199902052105.NAA99296@apollo.backplane.com>
To: John Polstra <jdp@polstra.com>
Cc: committers@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/vm vm_unix.c
References:  <199902051827.KAA22713@vashon.polstra.com>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

:Wouldn't this change break things like just-in-time compilers, if
:it weren't for the quirk that our currently-supported architectures
:ignore VM_PROT_EXECUTE?
:
:I think it would be more correct to take the opposite approach and
:make the ELF loader use VM_PROT_ALL.  That's what is done for a.out.
:I believe the stack already needs to be VM_PROT_ALL, because of the
:signal trampoline code.
:
:I think we should change the ELF loader and RTLD to grant execute
:permission whenever read permission is present.  I'm willing to do
:the work if there's agreement.
:
:John
:-- 
:  John Polstra                                               jdp@polstra.com

    It shouldn't have an effect, simply because IA32 does not have
    an execute flag in its pte.  Also, dynamic loaders and ( I expect )
    JIT compilers use mmap() to allocate space.  Using malloc()
    is rather dangerous since you can't be sure that the memory is
    pristine from the point of view of the instruction cache.
    Plus, a JIT compiler would also use mprotect().

    So, given all of that plus the fact that the 'default' should
    be 'more secure' rather then 'less secure', I think it makes
    more sense to use VM_PROT_READ/WRITE rather then VM_PROT_ALL.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message