On Wed, Jan 14, 2026 at 10:22:10AM +0100, Janne Johansson wrote:
> > And since I'm bringing this up, there's also this:
> > https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/107
> > Obviously, the link there is for HardenedBSD but the script seems to work
> > the same on OpenBSD as well.
>
> No, it fails on pinsyscalls.
>
> But I was also under the impression that OpenBSD which does not sync
> mmap()ed file contents and open/read/write()s would be less
> susceptible to this kind of trickery just on general principle.
The problem with that code is that first the mmap happens, then the file is
written, then finally the memory in that mmap region is accessed.
This access will cause a fault that will finally read the data from the
file and put it into the buffer. Now the data was modified before so the
current contents show up.
The man page is kind of clear about this:
MAP_PRIVATE Modifications are private.
Modifications are private (as in changes to the mmap region are private).
It does not mean that modifications to the original file are invisible; for
that you need to first read all contents and modify them all. At that
point you hold a full copy in anonymous memory.
--
:wq Claudio