Kernel: Enforce W^X between sys$mmap() and sys$execve()
It's now an error to sys$mmap() a file as writable if it's currently mapped executable by anyone else. It's also an error to sys$execve() a file that's currently mapped writable by anyone else. This fixes a race condition vulnerability where one program could make modifications to an executable while another process was in the kernel, in the middle of exec'ing the same executable. Test: Kernel/elf-execve-mmap-race.cpp
parent
7ea264a660
commit
862b3ccb4e
4 changed files with 183 additions and 22 deletions
|
@ -175,3 +175,23 @@ int InodeVMObject::release_all_clean_pages_impl()
|
|||
});
|
||||
return count;
|
||||
}
|
||||
|
||||
u32 InodeVMObject::writable_mappings() const
|
||||
{
|
||||
u32 count = 0;
|
||||
const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
|
||||
if (region.is_writable())
|
||||
++count;
|
||||
});
|
||||
return count;
|
||||
}
|
||||
|
||||
u32 InodeVMObject::executable_mappings() const
|
||||
{
|
||||
u32 count = 0;
|
||||
const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
|
||||
if (region.is_executable())
|
||||
++count;
|
||||
});
|
||||
return count;
|
||||
}
|
||||
|
|
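Review bot: `writable_mappings()` and `executable_mappings()` return a snapshot count, and nothing in this hunk shows what keeps the inode's region list stable between that count and the caller acting on it. Because the commit is closing a race, the checks in sys$mmap() and sys$execve() (outside this hunk) only hold if the same lock covers both the count and the creation of the new mapping; I would state that on the declarations, e.g. `// Snapshot only: the caller must hold whatever serializes region creation for this inode.` Both helpers also read the region's current protection through `is_writable()` / `is_executable()`, so a region mapped read-only and made writable afterwards would not be caught at mmap time; the description names only mmap and execve, so it is worth confirming that later protection changes go through the same check. As a style point, the `const_cast<InodeVMObject&>(*this)` in both bodies could be dropped by giving `for_each_region` a const overload.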