[pcre-dev] [Bug 1749] PCRE-JITted code should be executed fr…

トップ ページ
このメッセージを削除
著者: admin
日付:  
To: pcre-dev
古いトピック: [pcre-dev] [Bug 1749] New: PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
題目: [pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
https://bugs.exim.org/show_bug.cgi?id=1749

--- Comment #16 from Petr Pisar <ppisar@???> ---
I tried the code. It indeed stopped using pages with both PROT_WRITE and
PROT_EXEC, but it still does not work with restricting SELinux:

mmap(NULL, 788, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bc000
mprotect(0x7f88c47bc000, 543, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2331, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bb000
mprotect(0x7f88c47bb000, 1484, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2069, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47ba000
mprotect(0x7f88c47ba000, 1253, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x7f88c47bc008} ---
+++ killed by SIGSEGV (core dumped) +++

And it segfaults because mprotect() return value is not checked and it jumps
into a non-executable page.

--
You are receiving this mail because:
You are on the CC list for the bug.