Attachment 179995 Details for Bug 217062 – For MNT_NOEXEC mounts, disallow PROT_EXEC in prot as well.

[patch] For MNT_NOEXEC mounts, disallow PROT_EXEC in prot as well.

1.patch (text/plain), 1.19 KB, created by Konstantin Belousov on 2017-02-14 19:23:06 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Konstantin Belousov

Created: 2017-02-14 19:23:06 UTC

Size: 1.19 KB

patch

obsolete

>diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c
>index 03e13d0f764..54fc8a1b173 100644
>--- a/sys/fs/devfs/devfs_vnops.c
>+++ b/sys/fs/devfs/devfs_vnops.c
>@@ -1803,9 +1803,11 @@ devfs_mmap_f(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size,
> 	 * compatible.
> 	 */
> 	mp = vp->v_mount;
>-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
>+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
> 		maxprot = VM_PROT_NONE;
>-	else
>+		if ((prot & VM_PROT_EXECUTE) != 0)
>+			return (EACCES);
>+	} else
> 		maxprot = VM_PROT_EXECUTE;
> 	if ((fp->f_flag & FREAD) != 0)
> 		maxprot |= VM_PROT_READ;
>diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
>index e8f142049c5..1329dc32fa0 100644
>--- a/sys/kern/vfs_vnops.c
>+++ b/sys/kern/vfs_vnops.c
>@@ -2430,9 +2430,11 @@ vn_mmap(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size,
> 	 * proc does a setuid?
> 	 */
> 	mp = vp->v_mount;
>-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
>+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
> 		maxprot = VM_PROT_NONE;
>-	else
>+		if ((prot & VM_PROT_EXECUTE) != 0)
>+			return (EACCES);
>+	} else
> 		maxprot = VM_PROT_EXECUTE;
> 	if ((fp->f_flag & FREAD) != 0)
> 		maxprot |= VM_PROT_READ;

Actions: View | Diff

Attachments on bug 217062: 179941 | 179980 | 179995