[pcre-dev] [Bug 1749] PCRE-JITted code should be executed fr…

Author: admin
Date:  
To: pcre-dev
Old threads: [pcre-dev] [Bug 1749] New: PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
Subject: [pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction
https://bugs.exim.org/show_bug.cgi?id=1749

--- Comment #28 from Petr Pisar <ppisar@???> ---
I confirm it works even if SELinux is configured to deny RWX pages
(deny_execmem SELinux boolean set to 1).

Now to the mkstemp(). If you make /tmp nonwritable, JIT compilation fails with
"no more memory" because the allocator returns NULL.

Would it make sense to try more locations than only /tmp? I think $TMPDIR
environment variable value, /tmp, /var/tmp, and ./ could be tried in this order
before giving up and returning NULL.

Also what's your opinion on the transparent fallback to non-JIT mode if JIT
allocation fails because of failed mkstemp()? I think returning
PCRE2_ERROR_JIT_BADOPTION instead of PCRE2_ERROR_NOMEMORY as outlined in the
"Attempt to propagate mprotect() failure" attachment would be a good idea.

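
The directory fallback proposed in the comment above, as an added example (not code from the PCRE2 patch or from the commenter). It assumes the allocator backs the JIT area with an unlinked temporary file mapped twice, once writable and once executable, so no page is ever both; `struct dual_map`, `dual_map_alloc` and the `jit-XXXXXX` template are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>

struct dual_map { void *rw; void *rx; size_t size; };

/* Create an unlinked temp file in dir and map it twice: RW and RX. */
static int map_in_dir(const char *dir, size_t size, struct dual_map *m)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/jit-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) return -1;
    int fd = mkstemp(path);        /* fails if dir is missing or not writable */
    if (fd < 0) return -1;
    unlink(path);                  /* keep no name on disk */
    if (ftruncate(fd, (off_t)size) != 0) { close(fd); return -1; }
    m->rw = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    m->rx = mmap(NULL, size, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);                     /* the mappings keep the file alive */
    if (m->rw != MAP_FAILED && m->rx != MAP_FAILED) { m->size = size; return 0; }
    if (m->rw != MAP_FAILED) munmap(m->rw, size);
    if (m->rx != MAP_FAILED) munmap(m->rx, size);
    return -1;                     /* e.g. RX refused on a noexec mount */
}

/* Try each candidate in order; return the index used, or -1 if none works. */
int dual_map_alloc(const char *const *dirs, size_t ndirs, size_t size, struct dual_map *m)
{
    for (size_t i = 0; i < ndirs; i++)
        if (dirs[i] && dirs[i][0] && map_in_dir(dirs[i], size, m) == 0)
            return (int)i;
    return -1;                     /* caller reports failure or falls back to non-JIT */
}

/* Order proposed in the comment: $TMPDIR, /tmp, /var/tmp, ./ */
int dual_map_alloc_default(size_t size, struct dual_map *m)
{
    const char *dirs[] = { getenv("TMPDIR"), "/tmp", "/var/tmp", "." };
    return dual_map_alloc(dirs, 4, size, m);
}

int main(void)
{
    struct dual_map m;
    return dual_map_alloc_default(4096, &m) < 0;
}
```

A library that may be loaded by set-user-ID programs would read `TMPDIR` with glibc's `secure_getenv()` rather than `getenv()`.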