[pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction

admin Fri, 16 Dec 2016 02:32:30 -0800

https://bugs.exim.org/show_bug.cgi?id=1749


--- Comment #16 from Petr Pisar <ppi...@redhat.com> ---
I tried the code. It indeed stopped using pages with both PROT_WRITE and
PROT_EXEC, but it still does not work with restricting SELinux:

mmap(NULL, 788, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bc000
mprotect(0x7f88c47bc000, 543, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2331, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47bb000
mprotect(0x7f88c47bb000, 1484, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
mmap(NULL, 2069, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f88c47ba000
mprotect(0x7f88c47ba000, 1253, PROT_READ|PROT_EXEC) = -1 EACCES (Permission
denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x7f88c47bc008} ---
+++ killed by SIGSEGV (core dumped) +++

And it segfaults because mprotect() return value is not checked and it jumps
into a non-executable page.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev

[pcre-dev] [Bug 1749] PCRE-JITted code should be executed from non-writable memory to obey execmem SELinux restriction

Reply via email to