On 2016/05/21 16:58, Theo de Raadt wrote:
> Isn't it shameful that this is required?
Indeed.
Why should only kernels that absolutely forbid the mappings
get this?
When it checks how it should do the mapping, it is careful to
make sure that as few people get the protection as possible.
There's also an internal copy of libffi in ports/lang/gcc,
I haven't got that far in my bulk build to know if it needs
similar treatment yet.
...
  /* selinux_enabled_p: only "enabled" if selinuxfs is mounted at
     /selinux (by f_type magic) or listed in /proc/mounts.  */
  if (statfs ("/selinux", &sfs) >= 0
      && (unsigned int) sfs.f_type == 0xf97cff8cU)
    return 1;
  f = fopen ("/proc/mounts", "r");
  if (f == NULL)
    return 0;
  while (getline (&buf, &len, f) >= 0)
    {
      char *p = strchr (buf, ' ');
      if (p == NULL)
        break;
      p = strchr (p + 1, ' ');
      if (p == NULL)
        break;
      if (strncmp (p + 1, "selinuxfs ", 10) == 0)
...
  /* emutramp_enabled_check: only "enabled" if a "PaX:" line in
     /proc/self/status has 'E' (emulated trampolines) in its
     second flag position.  */
  f = fopen ("/proc/self/status", "r");
  if (f == NULL)
    return 0;
  ret = 0;
  while (getline (&buf, &len, f) != -1)
    if (!strncmp (buf, "PaX:", 4))
      {
        char emutramp;
        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
          ret = (emutramp == 'E');
        break;
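An added example, not code from libffi or from this thread, of the two things the quoted checks gate: the W^X-safe double mapping (one RW view for writing the trampoline, one RX view for handing out) done unconditionally, and a probe that asks the kernel whether it still grants RWX by trying, instead of fingerprinting /selinux or a "PaX:" line. It assumes Linux with memfd_create available; the struct and function names are hypothetical.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
/* Hypothetical helper, not libffi's code: one anonymous memfd (Linux-only,
 * assumed available) mapped twice, RW to fill and RX to hand out; never RWX. */
struct dual_map { unsigned char *rw; unsigned char *rx; size_t len; };

int dual_map_alloc (struct dual_map *m, size_t len)
{
  int fd = memfd_create ("closure-demo", MFD_CLOEXEC);
  if (fd < 0) return -1;
  if (ftruncate (fd, (off_t) len) < 0)
    { close (fd); return -1; }
  void *rw = mmap (NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
  void *rx = mmap (NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
  close (fd);                       /* the mappings keep the pages alive */
  if (rw == MAP_FAILED || rx == MAP_FAILED)
    {
      if (rw != MAP_FAILED) munmap (rw, len);
      if (rx != MAP_FAILED) munmap (rx, len);
      return -1;
    }
  m->rw = rw; m->rx = rx; m->len = len;
  return 0;
}

/* Probe by trying rather than looking for /selinux or a "PaX:" line:
 * 1 if the kernel still grants an RWX anonymous mapping, 0 if it refuses. */
int rwx_anon_mapping_allowed (void)
{
  void *p = mmap (NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) return 0;
  munmap (p, 4096);
  return 1;
}

/* Self-check: a constructed pattern written through the RW view must read
 * back unchanged through the RX view.  Returns 1 on success, 0 otherwise. */
int dual_map_selftest (void)
{
  struct dual_map m;
  static const unsigned char pattern[8] = "closure";   /* constructed data */
  if (dual_map_alloc (&m, 4096) != 0) return 0;
  memcpy (m.rw, pattern, sizeof pattern);
  int ok = memcmp (m.rx, pattern, sizeof pattern) == 0;
  munmap (m.rw, m.len); munmap (m.rx, m.len);
  return ok;
}
```

On a kernel that forbids RWX the probe returns 0 while the double mapping still succeeds, which is the point: the safe path does not need the fingerprinting at all.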