Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps



On 03/10/06, Stas Sergeev <stsp@xxxxxxxx> wrote:
> Hello.
>
> Arjan van de Ven wrote:
> > no what bothers me that on the one hand you want no execute from the
> > partition, and AT THE SAME TIME want stuff to execute from there (being
> > libraries or binaries, same thing to me).
> The original problem came from "noexec" on /dev/shm
> mount. There is no library and no binary there, but
> the programs do shm_open(), ftruncate() and
> mmap(MAP_SHARED, PROT_EXEC) to get some shared memory
> with an exec perm. That fails.


So first you mount /dev/shm with 'noexec', thereby telling the system
"please make shared memory non executable".
Then an application goes and asks for executable shared memory, gets
denied and thus fails. And that's a problem? It's exactly what you
asked for.

Either you want non-executable shared memory, so you mount /dev/shm
'noexec' or you want shared memory to be executable, in which case you
don't mount it 'noexec'.

As I see it, that's really all there is to it.

--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
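
The behaviour discussed in this message can be checked on a given host with the following added example, which is not part of the original thread or of any posted patch. It reports whether a directory's filesystem is mounted noexec and whether a shared PROT_EXEC mapping of a file there is granted. The function names are hypothetical, and it creates the file with mkstemp() under a directory rather than shm_open() (an assumption made so the same probe works on any mount point, not only /dev/shm).

```c
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, used if the macro is hidden */
#endif

/* 1 if the filesystem holding dir is mounted noexec, 0 if not, -1 on error. */
int mount_noexec(const char *dir)
{
    struct statvfs sv;
    if (statvfs(dir, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* Create a scratch file in dir, size it, and ask for a shared PROT_EXEC
 * mapping, the sequence described in the thread. Returns 0 if the mapping
 * is granted, the mmap() errno if refused, -1 if the file setup failed. */
int probe_exec_mmap(const char *dir)
{
    char path[4096];
    long page = sysconf(_SC_PAGESIZE);
    int n = snprintf(path, sizeof path, "%s/execprobe-XXXXXX", dir);
    if (page <= 0 || n < 0 || (size_t)n >= sizeof path)
        return -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                          /* leave nothing behind */
    if (ftruncate(fd, page) != 0) {
        close(fd);
        return -1;
    }
    void *p = mmap(NULL, (size_t)page, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    int result = (p == MAP_FAILED) ? errno : 0;  /* capture before close() */
    if (p != MAP_FAILED)
        munmap(p, (size_t)page);
    close(fd);
    return result;
}

int main(void)
{
    const char *d = "/dev/shm";
    printf("%s: noexec=%d exec-mmap=%d\n", d, mount_noexec(d), probe_exec_mmap(d));
    return 0;
}
```

On a kernel that carries the MNT_NOEXEC check, a noexec mount yields EPERM from the probe; a result of 0 on a noexec mount means the check is absent.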