svn commit: r313967 - in head/sys: fs/devfs kern

Konstantin Belousov kib at FreeBSD.org
Sun Feb 19 20:51:06 UTC 2017 

Author: kib
Date: Sun Feb 19 20:51:04 2017
New Revision: 313967
URL: https://svnweb.freebsd.org/changeset/base/313967

Log:
  Apply noexec mount option for mmap(PROT_EXEC).
  
  Right now the noexec mount option disallows image activators to try
  execve the files on the mount point.  Also, after r127187, noexec
  also limits max_prot map entries permissions for mappings of files
  from such mounts, but not the actual mapping permissions.
  
  As result, the API behaviour is inconsistent.  The files from noexec
  mount can be mapped with PROT_EXEC, but if mprotect(2) drops execution
  permission, it cannot be re-enabled later.  Make this consistent
  logically and aligned with behaviour of other systems, by disallowing
  PROT_EXEC for mmap(2).
  
  Note that this change only ensures aligned results from mmap(2) and
  mprotect(2), it does not prevent actual code execution from files
  coming from noexec mount.  Such files can always be read into
  anonymous executable memory and executed from there.
  
  Reported by:	shamaz.mazum at gmail.com
  PR:	217062
  Reviewed by:	alc
  Sponsored by:	The FreeBSD Foundation
  MFC after:	1 week

Modified:
  head/sys/fs/devfs/devfs_vnops.c
  head/sys/kern/vfs_vnops.c

Modified: head/sys/fs/devfs/devfs_vnops.c
==============================================================================
--- head/sys/fs/devfs/devfs_vnops.c	Sun Feb 19 20:40:07 2017	(r313966)
+++ head/sys/fs/devfs/devfs_vnops.c	Sun Feb 19 20:51:04 2017	(r313967)
@@ -1803,9 +1803,11 @@ devfs_mmap_f(struct file *fp, vm_map_t m
 	 * compatible.
 	 */
 	mp = vp->v_mount;
-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
 		maxprot = VM_PROT_NONE;
-	else
+		if ((prot & VM_PROT_EXECUTE) != 0)
+			return (EACCES);
+	} else
 		maxprot = VM_PROT_EXECUTE;
 	if ((fp->f_flag & FREAD) != 0)
 		maxprot |= VM_PROT_READ;

Modified: head/sys/kern/vfs_vnops.c
==============================================================================
--- head/sys/kern/vfs_vnops.c	Sun Feb 19 20:40:07 2017	(r313966)
+++ head/sys/kern/vfs_vnops.c	Sun Feb 19 20:51:04 2017	(r313967)
@@ -2430,9 +2430,11 @@ vn_mmap(struct file *fp, vm_map_t map, v
 	 * proc does a setuid?
 	 */
 	mp = vp->v_mount;
-	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0)
+	if (mp != NULL && (mp->mnt_flag & MNT_NOEXEC) != 0) {
 		maxprot = VM_PROT_NONE;
-	else
+		if ((prot & VM_PROT_EXECUTE) != 0)
+			return (EACCES);
+	} else
 		maxprot = VM_PROT_EXECUTE;
 	if ((fp->f_flag & FREAD) != 0)
 		maxprot |= VM_PROT_READ;

More information about the svn-src-all mailing list