Bug #7515

shouldn't be able to map PROT_EXEC object segments from noexec filesystems

Added by Rich Lowe about 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2016-10-27
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

mmapobj(2) checks VFS_NOEXEC only in the case of executable files (ET_EXEC, or a.out files that aren't libraries).

This is wrong: noexec mounts should prevent PROT_EXEC mappings of files stored on them, too, such that LD_PRELOAD, LD_LIBRARY_PATH, etc. cannot be used to load a shared object from such a mount.
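The gap described in the report, as an added example that is not part of the original ticket and is not illumos kernel code: a user-space C model that parses an ELF64 image and applies the check as reported and as requested. The function names, the `mount_noexec` flag standing in for VFS_NOEXEC, and the sample image are assumptions; a.out handling is left out.

```c
/* Added model (user space, ELF64 only); names are hypothetical, not illumos code. */
#include <elf.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
/* Parse an ELF64 image: report e_type and whether any PT_LOAD wants PF_X. */
static bool elf_info(const unsigned char *img, size_t len,
                     unsigned *type, bool *wants_exec) {
    Elf64_Ehdr eh;
    if (len < sizeof eh) return false;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64) return false;
    /* Bounds-check the program header table before walking it. */
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return false;
    *type = eh.e_type;
    *wants_exec = false;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_LOAD && (ph.p_flags & PF_X)) *wants_exec = true;
    }
    return true;
}
/* Reported behaviour: the noexec flag is consulted only for ET_EXEC. */
bool allowed_before(const unsigned char *img, size_t len, bool mount_noexec) {
    unsigned type; bool x;
    if (!elf_info(img, len, &type, &x)) return false;
    return !(mount_noexec && type == ET_EXEC);
}
/* Requested behaviour: also refuse any object with an executable segment. */
bool allowed_after(const unsigned char *img, size_t len, bool mount_noexec) {
    unsigned type; bool x;
    if (!elf_info(img, len, &type, &x)) return false;
    return !(mount_noexec && (type == ET_EXEC || x));
}
/* Constructed sample: ELF64 header plus one PT_LOAD segment with R+X. */
size_t make_sample(unsigned char *out, unsigned short type) {
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_type = type; eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_LOAD; ph.p_flags = PF_R | PF_X;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}
```

With an ET_DYN sample and `mount_noexec` set, `allowed_before` returns true while `allowed_after` returns false, which is the difference the report asks for.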
