|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: mmap(), security and /dev/zero
From: David Laight (david
l8s.co.uk)
Date: Thu Jun 24 2004 - 15:27:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Jun 24, 2004 at 10:00:14AM -0700, Matt Thomas wrote:
> On Jun 24, 2004, at 1:58 AM, Alan Barrett wrote:
> >How does the following compromise sound?
> >
> > shlibs must be in files that have "r" permission.
> > shlibs must be on file systems that honour "x" permission
> > (that is, were not mounted with the noexec option).
>
> Now that we have noexec permissions on pages (for some architectures),
> make the mapping of vnode backed pages with PROT_EXEC only be allowed
> on filesystems that were not mounted with noexec. Otherwise,
> mmap/uvm_map/mprotect will return EPERM for the mapping operation.
What do we do about code that optimises certain loops by generating
assembler on the fly - as might well be done for graphics bit-blitzing?
David
--
David Laight: davidl8s.co.uk
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]