When mmap-ing a file from a noexec mount, be sure not to grant the right

to mmap it PROT_EXEC. This also depends on the architecture, as some architextures (e.g. i386) do not distinguish between read and exec pages Inspired by: http://linux.bkbits.net:8080/linux-2.4/cset@1.1267.1.85 Reviewed by: alc
author: guido <guido@FreeBSD.org> 2004-03-18 20:58:51 +0000
committer: guido <guido@FreeBSD.org> 2004-03-18 20:58:51 +0000
commit: 365db5dd01b85276d53134f9ea822f82253fba23 (patch)
tree: ca4397c35f90c0e388bb6ae52f153c0faa130189 /sys
parent: 12c28227775bffc834e599b852c0f92a43a634b0 (diff)
download: FreeBSD-src-365db5dd01b85276d53134f9ea822f82253fba23.zip
FreeBSD-src-365db5dd01b85276d53134f9ea822f82253fba23.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index becc0e8..380f086 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -65,6 +65,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/file.h>
 #include <sys/mac.h>
 #include <sys/mman.h>
+#include <sys/mount.h>
 #include <sys/conf.h>
 #include <sys/stat.h>
 #include <sys/vmmeter.h>
@@ -323,7 +324,10 @@ mmap(td, uap)
 		 * credentials do we use for determination? What if
 		 * proc does a setuid?
 		 */
-		maxprot = VM_PROT_EXECUTE;	/* ??? */
+		if (vp->v_mount->mnt_flag & MNT_NOEXEC)
+			maxprot = VM_PROT_NONE;
+		else
+			maxprot = VM_PROT_EXECUTE;
 		if (fp->f_flag & FREAD) {
 			maxprot |= VM_PROT_READ;
 		} else if (prot & PROT_READ) {
author	guido <guido@FreeBSD.org>	2004-03-18 20:58:51 +0000
committer	guido <guido@FreeBSD.org>	2004-03-18 20:58:51 +0000
commit	365db5dd01b85276d53134f9ea822f82253fba23 (patch)
tree	ca4397c35f90c0e388bb6ae52f153c0faa130189 /sys
parent	12c28227775bffc834e599b852c0f92a43a634b0 (diff)
download	FreeBSD-src-365db5dd01b85276d53134f9ea822f82253fba23.zip FreeBSD-src-365db5dd01b85276d53134f9ea822f82253fba23.tar.gz