https://bugs.exim.org/show_bug.cgi?id=1749
--- Comment #16 from Petr Pisar <ppisar@???> ---
I tried the code. It indeed stopped using pages with both PROT_WRITE and
PROT_EXEC, but it still does not work with restricting SELinux:
mmap(NULL, 788, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bc000
mprotect(0x7f88c47bc000, 543, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2331, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bb000
mprotect(0x7f88c47bb000, 1484, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2069, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47ba000
mprotect(0x7f88c47ba000, 1253, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x7f88c47bc008} ---
+++ killed by SIGSEGV (core dumped) +++
And it segfaults because mprotect() return value is not checked and it jumps
into a non-executable page.
--
You are receiving this mail because:
You are on the CC list for the bug.
