[2/5] hurd: Map brk non-executable
Checks
Context | Check | Description
redhat-pt-bot/TryBot-apply_patch | success | Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-arm | success | Testing passed
Commit Message
The rest of the heap (backed by individual pages) is already mapped RW.
Mapping these pages RWX presents a security hazard.
Also, in another branch memory gets allocated using vm_allocate, which
sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch
between protections prevents Mach from coalescing the VM map entries.
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
---
sysdeps/mach/hurd/brk.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Applied, thanks!
Sergey Bugaev via Libc-alpha, on Mon. 26 June 2023 02:17:48 +0300, wrote:
> The rest of the heap (backed by individual pages) is already mapped RW.
> Mapping these pages RWX presents a security hazard.
>
> Also, in another branch memory gets allocated using vm_allocate, which
> sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch
> between protections prevents Mach from coalescing the VM map entries.
>
> Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
> ---
> sysdeps/mach/hurd/brk.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sysdeps/mach/hurd/brk.c b/sysdeps/mach/hurd/brk.c
> index f1349495..3a335194 100644
> --- a/sysdeps/mach/hurd/brk.c
> +++ b/sysdeps/mach/hurd/brk.c
> @@ -106,7 +106,7 @@ _hurd_set_brk (vm_address_t addr)
> /* First finish allocation. */
> err = __vm_protect (__mach_task_self (), pagebrk,
> alloc_start - pagebrk, 0,
> - VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
> + VM_PROT_READ|VM_PROT_WRITE);
> if (! err)
> _hurd_brk = alloc_start;
>
> @@ -120,7 +120,7 @@ _hurd_set_brk (vm_address_t addr)
> else
> /* Make the memory accessible. */
> err = __vm_protect (__mach_task_self (), pagebrk, pagend - pagebrk,
> - 0, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
> + 0, VM_PROT_READ|VM_PROT_WRITE);
>
> if (err)
> return __hurd_fail (err);
> --
> 2.41.0
>
@@ -106,7 +106,7 @@ _hurd_set_brk (vm_address_t addr)
/* First finish allocation. */
err = __vm_protect (__mach_task_self (), pagebrk,
alloc_start - pagebrk, 0,
- VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
+ VM_PROT_READ|VM_PROT_WRITE);
if (! err)
_hurd_brk = alloc_start;
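Review bot: In the `__vm_protect` call under "First finish allocation.", the new protection is spelled out as `VM_PROT_READ|VM_PROT_WRITE`, while the commit message justifies the change by matching what vm_allocate applies, namely VM_PROT_DEFAULT. Consider passing VM_PROT_DEFAULT here so the two branches cannot drift apart and the coalescing intent is visible at the call site. Failing that, a short comment beside the call saying the pages are deliberately mapped non-executable would keep a later change from reintroducing the execute bit.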
@@ -120,7 +120,7 @@ _hurd_set_brk (vm_address_t addr)
else
/* Make the memory accessible. */
err = __vm_protect (__mach_task_self (), pagebrk, pagend - pagebrk,
- 0, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
+ 0, VM_PROT_READ|VM_PROT_WRITE);
if (err)
return __hurd_fail (err);
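Review bot: The call under "Make the memory accessible." passes 0 as the fourth argument (set_maximum), so only the current protection of the range from pagebrk to pagend becomes RW; the maximum protection stays whatever it was when the range was reserved, which is not visible in this hunk. If that maximum still includes VM_PROT_EXECUTE, a later vm_protect or mprotect can make brk memory executable again. Please state in the commit message whether that is intended, as an opt-in for programs that run code out of brk memory, or whether the maximum should be tightened as well. The same question applies to the call in the previous hunk.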