| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Aug 2011 14:50:27 -0500 From: Will Drewry <wad@...omium.org> To: Mel Gorman <mel@....ul.ie> Cc: Roland McGrath <mcgrathr@...gle.com>, linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Al Viro <viro@...iv.linux.org.uk>, Eric Paris <eparis@...hat.com>, Andrea Arcangeli <aarcange@...hat.com>, Rik van Riel <riel@...hat.com>, Nitin Gupta <ngupta@...are.org>, Hugh Dickins <hughd@...gle.com>, Shaohua Li <shaohua.li@...el.com>, linux-mm@...ck.org Subject: Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint On Tue, Aug 16, 2011 at 2:40 PM, Mel Gorman <mel@....ul.ie> wrote: > On Tue, Aug 16, 2011 at 10:07:46AM -0700, Roland McGrath wrote: >> On Tue, Aug 16, 2011 at 2:33 AM, Mel Gorman <mel@....ul.ie> wrote: >> > Is using shm_open()+mmap instead of open()+mmap() to open a file on >> > /dev/shm really that difficult? >> > >> > int shm_open(const char *name, int oflag, mode_t mode); >> > int open(const char *pathname, int flags, mode_t mode); >> >> I cannot figure out the rationale behind this question at all. >> Both of these library functions result in the same system call. >> > > They might result in the same system call but one of them creates > the file under /dev/shm which should not have the same permissions > problem. The library really appears to want to create a shared > executable object, using shm_open does not appear that unreasonable > to me. If /dev/shm is mounted noexec, the resulting file will have VM_MAYEXEC stripped. I don't believe it is capable of doing anything special that will cause the mmap code path to find a different containing mountpoint. If it could, then that would certainly be preferable, but it would also make this VM_MAYEXEC calculation less effective in the default case. thanks! >> > An ordinary user is not going to know that a segfault from an >> > application can be fixed with this sysctl. This looks like something >> > that should be fixed in the library so that it can work on kernels >> > that do not have the sysctl. >> >> I think the expectation is that the administrator or system builder >> who decides to set the (non-default) noexec mount option will also >> set the sysctl at the same time. >> > > Which then needs to be copied in each distro wanting to do the same > thing and is not backwards compatible where as using shm_open is. > > -- > Mel Gorman > SUSE Labs > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists