kern/64573: mmap with PROT_NONE, but still could be read

Mark W. Krentel krentel at dreamscape.com
Wed Apr 14 23:12:16 PDT 2004


I'm concerned that my previous message was misleading, so let me
clarify one point.  IEEE Std 1003.1-2003 on mmap() does say:

    If an implementation cannot support the combination of access types
    specified by prot, the call to mmap() shall fail.

But that doesn't mean that if the OS can't support the precise
combination of protection options that mmap() must fail.  mmap() may
add other access beyond what is requested.  In the RATIONALE section,
two cases are handled explicitly:

    implementations are required to disallow write access to mappings
    without write permission and to disallow access to mappings without
    any access permission.

But in general:

    Other than these restrictions, implementations may allow access types
    other than those requested by the application. For example, if the
    application requests only PROT_WRITE, the implementation may also
    allow read access.

See:  http://www.opengroup.org/onlinepubs/007904975/functions/mmap.html

So, to summarize: (1) the OS must allow all access that is explicitly
requested, (2) it may add extra access, except (3) it must not allow
write access without PROT_WRITE and it must disallow all access if
PROT_NONE is given alone.  And if it can't do that, then mmap() should
fail.

Sorry if my previous message was unclear or misleading.

--Mark
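The rules summarized in this message can be checked on a running system. The following C program is an added example, not part of the original message or of the FreeBSD sources; `probe_access` is a hypothetical helper, and it assumes a POSIX system with fork() and anonymous private mappings. It maps one page with the given protection in a child process, touches it, and reports whether the access succeeded or faulted.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON     /* BSD spelling */
#endif

/* Hypothetical helper: map one page with `prot` in a child and touch it.
 * Returns 1 if the access succeeded, 0 if it faulted, -1 on setup error. */
static int probe_access(int prot, int do_write)
{
    fflush(NULL);                  /* avoid duplicated stdio output after fork */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile char *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), prot,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            _exit(2);              /* mmap() refused the request */
        if (do_write)
            p[0] = 1;              /* faults unless writing is allowed */
        else
            (void)p[0];            /* volatile read: faults unless readable */
        _exit(0);                  /* reached only if the access succeeded */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2)
        return -1;
    return 0;                      /* any other end, normally SIGSEGV/SIGBUS */
}

int main(void)
{
    printf("PROT_NONE  read  -> %d (must be 0)\n", probe_access(PROT_NONE, 0));
    printf("PROT_NONE  write -> %d (must be 0)\n", probe_access(PROT_NONE, 1));
    printf("PROT_READ  write -> %d (must be 0)\n", probe_access(PROT_READ, 1));
    printf("PROT_WRITE write -> %d (must be 1)\n", probe_access(PROT_WRITE, 1));
    printf("PROT_WRITE read  -> %d (0 or 1)\n", probe_access(PROT_WRITE, 0));
    return 0;
}
```

A 1 on either PROT_NONE line, or on the PROT_READ write line, indicates behaviour the standard forbids; the last line is implementation-defined.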

