Please sign in to comment.
CHROMIUM: mmap, sysctl: add sysctl for controlling VM_MAYEXEC taint
This patch proposes a sysctl knob that allows a privileged user to disable ~VM_MAYEXEC tainting when mapping in a vma from a MNT_NOEXEC mountpoint. It does not alter the normal behavior resulting from attempting to directly mmap(PROT_EXEC) a vma (-EPERM) nor the behavior of any other subsystems checking MNT_NOEXEC. It is motivated by a common /dev/shm, /tmp usecase. There are few facilities for creating a shared memory segment that can be remapped in the same process address space with different permissions. Often, a file in /tmp provides this functionality. However, on distributions that are more restrictive/paranoid, world-writeable directories are often mounted "noexec". The only workaround to support software that needs this behavior is to either not use that software or remount /tmp exec. (E.g., https://bugs.gentoo.org/350336?id=350336) Given that the only recourse is using SysV IPC, the application programmer loses many of the useful ABI features that they get using a mmap'd file. With this patch, it would be possible to change the sysctl variable such that mprotect(PROT_EXEC) would succeed. In cases like the example above, an additional userspace mmap-wrapper would be needed, but in other cases, like how code.google.com/p/nativeclient mmap()s then mprotect()s, the behavior would be unaffected. The tradeoff is a loss of defense in depth, but it seems reasonable when the alternative is frequently to disable the defense entirely. (There are many other ways to approach this problem, but this seemed to be the most practical and feel the least like a hack or a major change.) Signed-off-by: Will Drewry <email@example.com> BUG=chromium-os:19221,native-client:1883 TEST=built x86, booted, ran sysctl -w vm.mmap_noexec_taint=0 run mmap_tester.c from issue such that it uses mprotect. Change-Id: I1e13adc0d9e8fdb1a0027a2e715557f4aff1b283 Reviewed-on: http://gerrit.chromium.org/gerrit/6007 Reviewed-by: <firstname.lastname@example.org> Reviewed-by: Roland McGrath <email@example.com> Reviewed-by: Mandeep Singh Baines <firstname.lastname@example.org> Tested-by: Will Drewry <email@example.com>
- Loading branch information...
Showing with 32 additions and 1 deletion.