RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 15:57:45 +00:00
Code Issues Activity Actions

Kernel: Enforce W^X between sys$mmap() and sys$execve()

Browse source 
It's now an error to sys$mmap() a file as writable if it's currently
mapped executable by anyone else.

It's also an error to sys$execve() a file that's currently mapped
writable by anyone else.

This fixes a race condition vulnerability where one program could make
modifications to an executable while another process was in the kernel,
in the middle of exec'ing the same executable.

Test: Kernel/elf-execve-mmap-race.cpp
This commit is contained in:
Andreas Kling 2020-01-18 23:31:29 +01:00
parent 7ea264a660
commit 862b3ccb4e
4 changed files with 183 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Kernel/VM/InodeVMObject.h
View file

@ -47,6 +47,9 @@ public:
int release_all_clean_pages();
u32 writable_mappings() const;
u32 executable_mappings() const;
private:
explicit InodeVMObject(Inode&, size_t);
explicit InodeVMObject(const InodeVMObject&);