Bug #7515: shouldn't be able to map PROT_EXEC object segments from noexec filesystems - illumos gate - illumos

Bug #7515

shouldn't be able to map PROT_EXEC object segments from noexec filesystems

Added by Rich Lowe about 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Rich Lowe

Category:

kernel

Start date:

2016-10-27

Due date:

% Done:

100%

Estimated time:

Difficulty:

Medium

Tags:

Gerrit CR:

Description

mmapobj(2) checks VFS_NOEXEC only in the case of executable files (ET_EXEC, or a.out files that aren't libraries).

This is wrong, noexec mounts should prevent PROT_EXEC mappings of files stored on them, too. Such that LD_PRELOAD, LD_LIBRARY_PATH etc, cannot be used to load a shared object from such a mount.

History
Notes

Also available in: Atom PDF

Project

General

Profile

illumos gate

Custom queries

Bug #7515

shouldn't be able to map PROT_EXEC object segments from noexec filesystems

Updated by Electric Monk about 4 years ago