Executing from readable, no-exec pages

Segher Boessenkool segher at kernel.crashing.org
Fri Jul 6 23:36:36 EST 2007


>> As revealed by the recent "Prevent data exception in kernel space"
>> patch, versions of glibc prior to 2.4[1] assume that, on powerpc32,
>> they can execute out of any readable mapping, regardless of whether
>> it is marked for execution.  This happens in the
>> elf_machine_load_address() function.
>
> Umm, are you sure about this? The "prevent data exception in kernel
> space" patch came from a test program I had that attempted to
> execute a page with /no permissions/ at all!

I haven't looked at the code path in detail, but I believe Scott's
analysis is correct.  The kernel would merrily let a program run
code from a page without execute permission (so also from a page
without any permissions at all); not anymore, after my patch.

Programs relying on this behaviour are obviously buggy, but the
problem is that one of these broken programs is glibc, at least
some not-all-that-new but also not-all-that-old versions.

> I know that I used to have problems with mono making this assumption
> but these have since been fixed; however if I understand you correctly
> then you can always pre-fault the page by a read and then execute it
> so I don't see the point in not doing the change you suggest.

Too many negatives, I don't see which way you're arguing :-)

I think you're saying to treat read access as including execute
access?  I believe that would be too permissive here.

Anyway, let's first decide what is the right thing to do, and
only then look at the code ;-)


Segher