Permalink
Browse files

CHROMIUM: Disable VM_MAYEXEC tainting for noexec mounts

With our userland, VM_MAYEXEC tainting does not provide much
additional benefit beyond protecting against LD_PRELOAD or
dlopen()ing files dropped in a noexec mountpoint.  This sets
the sysctl default to 0 such that VM_MAYEXEC is not masked off
of /dev/shm and other mountpoints when a file is mmap'd.

Signed-off-by: Will Drewry <wad@chromium.org>
BUG=chromium-os:19221,native-client:1883
TEST=booted, ran mmap_tester.c from the nacl bug.

Change-Id: If3c84f7c000b22328e8980fdf3cbcdb155a82a4b
Reviewed-on: http://gerrit.chromium.org/gerrit/6081
Reviewed-by: Mandeep Singh Baines <msb@chromium.org>
Tested-by: Will Drewry <wad@chromium.org>
  • Loading branch information...
1 parent a3dc5f4 commit 6e4b466ad5c3ea97568faa73a89fb8b2ca0ab514 @redpig redpig committed Aug 16, 2011
Showing with 1 addition and 0 deletions.
  1. +1 −0 chromeos/config/config.common.chromeos
View
1 chromeos/config/config.common.chromeos
@@ -887,6 +887,7 @@ CONFIG_MII=y
# CONFIG_MINIX_SUBPARTITION is not set
CONFIG_MISC_DEVICES=y
CONFIG_MISC_FILESYSTEMS=y
+CONFIG_MMAP_NOEXEC_TAINT=0
CONFIG_MMU=y
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set

0 comments on commit 6e4b466

Please sign in to comment.