Re: [PATCH 1/2] No-exec support for ppc64

Mon, 14 Mar 2005 14:12:41 -0800 

On Mon, 14 Mar 2005 21:13:36 +1100
Paul Mackerras <[EMAIL PROTECTED]> wrote:

> Jake Moilanen writes:
> 
> > diff -puN fs/binfmt_elf.c~nx-user-ppc64 fs/binfmt_elf.c
> > --- linux-2.6-bk/fs/binfmt_elf.c~nx-user-ppc64      2005-03-08 16:08:54 
> > -06:00
> > +++ linux-2.6-bk-moilanen/fs/binfmt_elf.c   2005-03-08 16:08:54 -06:00
> > @@ -99,6 +99,8 @@ static int set_brk(unsigned long start, 
> >             up_write(&current->mm->mmap_sem);
> >             if (BAD_ADDR(addr))
> >                     return addr;
> > +
> > +           sys_mprotect(start, end-start, PROT_READ|PROT_WRITE|PROT_EXEC);
> 
> I don't think I can push that upstream.  What happens if you leave
> that out?

The bss and the plt are in the same segment, and plt obviously needs to
be executable.

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .interp           PROGBITS        10000154 000154 00000d 00   A  0   0  1
        ...
        ...
  [26] .plt              NOBITS          10013c5c 003c34 000210 00 WAX  0   0  4
  [27] .bss              NOBITS          10013e6c 003c34 000128 00  WA  0   0  4


 Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.SuSE .hash .dynsym .dynstr .gnu.version 
.gnu.version_r .rela.dyn .rela.plt .init .text .fini .rodata
   03     .data .eh_frame .got2 .dynamic .ctors .dtors .jcr .got .sdata .sbss 
.plt .bss
   04     .dynamic
   05     .note.ABI-tag
   06     .note.SuSE
   07

Anton mentioned that Alan was considering putting plt into a new segment. 
 
> More generally, we are making a user-visible change, even for programs
> that aren't marked as having non-executable stack or heap, because we
> are now enforcing that the program can't execute from mappings that
> don't have PROT_EXEC.  Perhaps we should enforce the requirement for
> execute permission only on those programs that indicate somehow that
> they can handle it?

Unless a program is compiled w/ pt_gnu_stacks we will set the
READ_IMPLIES_EXEC personality and those applications should still
work as normal.

Jake
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to