FreeBSD Bugzilla – Attachment 179995 Details for
Bug 217062
for file systems mounted with -o noexec, exec=off property does not work for mmap
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
For MNT_NOEXEC mounts, disallow PROT_EXEC in prot as well.
1.patch (text/plain), 1.19 KB, created by
Konstantin Belousov
on 2017-02-14 19:23:06 UTC
(
hide
)
Description:
For MNT_NOEXEC mounts, disallow PROT_EXEC in prot as well.
Filename:
MIME Type:
Creator:
Konstantin Belousov
Created:
2017-02-14 19:23:06 UTC
Size:
1.19 KB
patch
obsolete
>diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c >index 03e13d0f764..54fc8a1b173 100644 >--- a/sys/fs/devfs/devfs_vnops.c >+++ b/sys/fs/devfs/devfs_vnops.c >@@ -1803,9 +1803,11 @@ devfs_mmap_f(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size, > * compatible. > */ > mp = vp->v_mount; >- if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) >+ if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) { > maxprot = VM_PROT_NONE; >- else >+ if ((prot & VM_PROT_EXECUTE) != 0) >+ return (EACCES); >+ } else > maxprot = VM_PROT_EXECUTE; > if ((fp->f_flag & FREAD) != 0) > maxprot |= VM_PROT_READ; >diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c >index e8f142049c5..1329dc32fa0 100644 >--- a/sys/kern/vfs_vnops.c >+++ b/sys/kern/vfs_vnops.c >@@ -2430,9 +2430,11 @@ vn_mmap(struct file *fp, vm_map_t map, vm_offset_t *addr, vm_size_t size, > * proc does a setuid? > */ > mp = vp->v_mount; >- if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) >+ if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) { > maxprot = VM_PROT_NONE; >- else >+ if ((prot & VM_PROT_EXECUTE) != 0) >+ return (EACCES); >+ } else > maxprot = VM_PROT_EXECUTE; > if ((fp->f_flag & FREAD) != 0) > maxprot |= VM_PROT_READ;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 217062
:
179941
|
179980
| 179995