Date:      Fri, 5 Feb 1999 13:05:03 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        John Polstra <jdp@polstra.com>
Cc:        committers@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/vm vm_unix.c
Message-ID:  <199902052105.NAA99296@apollo.backplane.com>
References:   <199902051827.KAA22713@vashon.polstra.com>

:Wouldn't this change break things like just-in-time compilers, if
:it weren't for the quirk that our currently-supported architectures
:ignore VM_PROT_EXECUTE?
:
:I think it would be more correct to take the opposite approach and
:make the ELF loader use VM_PROT_ALL.  That's what is done for a.out.
:I believe the stack already needs to be VM_PROT_ALL, because of the
:signal trampoline code.
:
:I think we should change the ELF loader and RTLD to grant execute
:permission whenever read permission is present.  I'm willing to do
:the work if there's agreement.
:
:John
:-- 
:  John Polstra                                               jdp@polstra.com

    It shouldn't have an effect, simply because IA32 does not have
    an execute flag in its pte.  Also, dynamic loaders and (I expect)
    JIT compilers use mmap() to allocate space.  Using malloc()
    is rather dangerous since you can't be sure that the memory is
    pristine from the point of view of the instruction cache.
    Plus, a JIT compiler would also use mprotect().

    So, given all of that plus the fact that the 'default' should
    be 'more secure' rather than 'less secure', I think it makes
    more sense to use VM_PROT_READ/WRITE rather than VM_PROT_ALL.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
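
The allocation pattern the message describes (fresh memory from mmap(), then mprotect() to grant execute), shown as an added example that is not part of the original e-mail or of FreeBSD's code. The function names jit_alloc, jit_seal and jit_demo are hypothetical, the code bytes are a constructed x86-64 sample, and the generated code is only called when built for x86-64.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANON on glibc; ignored elsewhere */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample: x86-64 machine code for "mov eax, 42; ret". */
static const unsigned char sample_code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

/* Map one fresh anonymous page read/write only: the default carries no execute. */
static void *jit_alloc(size_t *len_out)
{
    *len_out = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, *len_out, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Copy code in while writable, then drop write and add execute explicitly. */
static int jit_seal(void *buf, size_t len, const void *code, size_t code_len)
{
    if (code_len > len)
        return -1;
    memcpy(buf, code, code_len);
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0)
        return -1;
    /* Instruction-cache sync; a no-op on x86, required on e.g. ARM. */
    __builtin___clear_cache((char *)buf, (char *)buf + code_len);
    return 0;
}

/* Returns 0 when the RW -> RX transition succeeded and, on x86-64,
   the generated code ran and returned 42; returns -1 otherwise. */
int jit_demo(void)
{
    size_t len = 0;
    void *buf = jit_alloc(&len);
    int rc = buf ? jit_seal(buf, len, sample_code, sizeof sample_code) : -1;
#if defined(__x86_64__)
    if (rc == 0 && ((int (*)(void))buf)() != 42)
        rc = -1;
#endif
    if (buf)
        munmap(buf, len);
    return rc;
}
```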
