serenity

RGBCube/serenity

Fork 0

mirror of https://github.com/RGBCube/serenity synced 2025-05-23 11:45:06 +00:00

Commit graph

Author	SHA1	Message	Date
Andreas Kling	862b3ccb4e	Kernel: Enforce W^X between sys$mmap() and sys$execve() It's now an error to sys$mmap() a file as writable if it's currently mapped executable by anyone else. It's also an error to sys$execve() a file that's currently mapped writable by anyone else. This fixes a race condition vulnerability where one program could make modifications to an executable while another process was in the kernel, in the middle of exec'ing the same executable. Test: Kernel/elf-execve-mmap-race.cpp	2020-01-18 23:40:12 +01:00

Author

SHA1

Message

Date

Andreas Kling

862b3ccb4e

Kernel: Enforce W^X between sys$mmap() and sys$execve()

It's now an error to sys$mmap() a file as writable if it's currently
mapped executable by anyone else.

It's also an error to sys$execve() a file that's currently mapped
writable by anyone else.

This fixes a race condition vulnerability where one program could make
modifications to an executable while another process was in the kernel,
in the middle of exec'ing the same executable.

Test: Kernel/elf-execve-mmap-race.cpp

2020-01-18 23:40:12 +01:00

1 commit