Project

General

Profile

Bug #7515

shouldn't be able to map PROT_EXEC object segments from noexec filesystems

Added by Rich Lowe about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
kernel
Start date:
2016-10-27
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

mmapobj(2) checks VFS_NOEXEC only in the case of executable files (ET_EXEC, or a.out files that aren't libraries).

This is wrong, noexec mounts should prevent PROT_EXEC mappings of files stored on them, too. Such that LD_PRELOAD, LD_LIBRARY_PATH etc, cannot be used to load a shared object from such a mount.

#1

Updated by Electric Monk about 4 years ago

  • Status changed from Pending RTI to Closed

git commit 87aa58a7ee8b4aa2bbcededb9414c2ecd0ca42ba

commit  87aa58a7ee8b4aa2bbcededb9414c2ecd0ca42ba
Author: Richard Lowe <richlowe@richlowe.net>
Date:   2016-10-27T03:49:44.000Z

    7515 shouldn't be able to map PROT_EXEC object segments from noexec filesystems
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Joshua M. Clulow <jmc@joyent.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF