shouldn't be able to map PROT_EXEC object segments from noexec filesystems
mmapobj(2) checks VFS_NOEXEC only in the case of executable files (ET_EXEC, or a.out files that aren't libraries).
This is wrong: noexec mounts should prevent PROT_EXEC mappings of files stored on them, too, so that LD_PRELOAD, LD_LIBRARY_PATH, etc. cannot be used to load a shared object from such a mount.
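The rule asked for above, modelled in user space as an added example; it is not the illumos mmapobj source or the code from the fix. The names `parse`, `allow_map`, `decide` and the `requested` switch are hypothetical, and the ELF image is constructed in memory.

```c
#include <elf.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Parse an ELF64 image: report e_type and whether any PT_LOAD segment is PF_X. */
static bool parse(const unsigned char *img, size_t len, Elf64_Half *type, bool *exec_seg)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return false;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len)
        return false;
    *type = eh.e_type;
    *exec_seg = false;
    for (size_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        size_t off = eh.e_phoff + i * sizeof ph;
        if (off > len || len - off < sizeof ph) return false;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_LOAD && (ph.p_flags & PF_X)) *exec_seg = true;
    }
    return true;
}

/* Hypothetical policy model. requested=false: noexec consulted only for ET_EXEC
 * (the behaviour reported). requested=true: any PROT_EXEC segment is refused too. */
bool allow_map(const unsigned char *img, size_t len, bool noexec, bool requested)
{
    Elf64_Half type;
    bool exec_seg;
    if (!parse(img, len, &type, &exec_seg)) return false;
    return !(noexec && (type == ET_EXEC || (requested && exec_seg)));
}

/* Constructed sample: a minimal ELF64 image with a single PT_LOAD segment. */
bool decide(Elf64_Half type, Elf64_Word flags, bool noexec, bool requested)
{
    unsigned char img[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    Elf64_Ehdr eh = { .e_type = type, .e_phoff = sizeof eh,
                      .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 1 };
    Elf64_Phdr ph = { .p_type = PT_LOAD, .p_flags = flags };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    memcpy(img, &eh, sizeof eh);
    memcpy(img + sizeof eh, &ph, sizeof ph);
    return allow_map(img, sizeof img, noexec, requested);
}
```

A shared object (`ET_DYN`) with a `PF_X` segment is the case that differs between the two modes: it is allowed on a noexec mount when only `ET_EXEC` is checked, and refused under the requested rule.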
Updated by Electric Monk almost 6 years ago
- Status changed from Pending RTI to Closed
commit 87aa58a7ee8b4aa2bbcededb9414c2ecd0ca42ba
Author: Richard Lowe <email@example.com>
Date: 2016-10-27T03:49:44.000Z

    7515 shouldn't be able to map PROT_EXEC object segments from noexec filesystems
    Reviewed by: Dan McDonald <firstname.lastname@example.org>
    Reviewed by: Joshua M. Clulow <email@example.com>
    Approved by: Dan McDonald <firstname.lastname@example.org>