mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 15:57:45 +00:00
Kernel: Enforce W^X between sys$mmap() and sys$execve()
It's now an error to sys$mmap() a file as writable if it's currently mapped executable by anyone else. It's also an error to sys$execve() a file that's currently mapped writable by anyone else. This fixes a race condition vulnerability where one program could make modifications to an executable while another process was in the kernel, in the middle of exec'ing the same executable. Test: Kernel/elf-execve-mmap-race.cpp
This commit is contained in:
parent
7ea264a660
commit
862b3ccb4e
4 changed files with 183 additions and 22 deletions
|
@ -47,6 +47,9 @@ public:
|
|||
|
||||
int release_all_clean_pages();
|
||||
|
||||
u32 writable_mappings() const;
|
||||
u32 executable_mappings() const;
|
||||
|
||||
private:
|
||||
explicit InodeVMObject(Inode&, size_t);
|
||||
explicit InodeVMObject(const InodeVMObject&);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue