From: Greg Troxel
Newsgroups: gmane.lisp.guile.devel
Subject: minor mmap protection issue
Date: Mon, 24 Jun 2019 13:42:54 -0400
To: guile-devel@gnu.org

pkgsrc has the following patch for 2.2.5. At first glance it looks at least headed in the right direction, but I'd appreciate someone more familiar with the code looking and either making a corresponding fix or explaining the issue more.

As I understand it, POSIX is a bit vague on this issue:

https://pubs.opengroup.org/onlinepubs/9699919799/functions/mmap.html
https://pubs.opengroup.org/onlinepubs/9699919799/functions/mprotect.html#

but these are interfaces that originated in 4.2BSD and 4.4BSD. From mprotect on NetBSD 8, one can't expand a segment to writable that was not mapped writable at first. (This situation, broadly, seems wrapped up with W^X protection rules that don't play well with loading executable code from files.)

Perhaps an immediate mprotect to read only is in order after PROT_WRITE. (I don't understand why files from which code is being loaded need writable mappings, but that's a special case of not understanding the loader. :-)

$NetBSD: patch-libguile_loader.c,v 1.2 2019/06/23 09:14:58 wiz Exp $ Use correct mmap permissions for later PROT_WRITE mprotect. --- libguile/loader.c.orig 2018-01-08 16:21:04.790894906 +0000 +++ libguile/loader.c @@ -484,7 +484,7 @@ map_file_contents (int fd, size_t len, i char *data; #ifdef HAVE_SYS_MMAN_H - data = mmap (NULL, len, PROT_READ, MAP_PRIVATE, fd, 0); + data = mmap (NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); if (data == MAP_FAILED) SCM_SYSERROR; *is_read_only = 1;
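
Review bot: in the map_file_contents hunk, the lines after the changed mmap call still set *is_read_only = 1, although the mapping is now created with PROT_READ | PROT_WRITE, so the flag no longer describes the protection the pages actually have. Either follow the MAP_FAILED check with an mprotect (data, len, PROT_READ), as the message suggests, so the pages are writable only while a later mprotect asks for it, or add a comment stating that is_read_only refers to how the loader treats the data rather than to the page protection. The change also sits directly under #ifdef HAVE_SYS_MMAN_H, so it applies on every platform with mmap and not only on NetBSD; a comment next to the call recording why PROT_WRITE is requested up front would keep it from being reverted as an apparent mistake.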
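
The sequence the message suggests (request write permission at mmap time, drop to read-only at once, raise it again only while patching), as an added C example that is not Guile's loader code. The names `map_then_drop_write` and `demo_patch_in_place` are hypothetical, and the temporary file is constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: ask for write permission when the mapping is created
   (so a later mprotect may restore it), then drop to read-only at once. */
static char *map_then_drop_write(int fd, size_t len)
{
    char *data = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (data == MAP_FAILED)
        return NULL;
    if (mprotect(data, len, PROT_READ) != 0) {
        munmap(data, len);
        return NULL;
    }
    return data;
}

/* Returns 0 on success, otherwise the number of the step that failed. */
int demo_patch_in_place(void)
{
    char path[] = "/tmp/mapdemoXXXXXX", on_disk[4] = {0};
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int rc = 0, fd = mkstemp(path);    /* constructed sample file */
    char *data = NULL;
    if (fd < 0)
        return 1;
    unlink(path);
    if (ftruncate(fd, (off_t)len) != 0 || write(fd, "orig", 4) != 4)
        rc = 2;
    else if ((data = map_then_drop_write(fd, len)) == NULL)
        rc = 3;
    else if (mprotect(data, len, PROT_READ | PROT_WRITE) != 0)
        rc = 4;                        /* could not regain write access */
    else {
        memcpy(data, "fix!", 4);       /* modifies the private copy only */
        if (mprotect(data, len, PROT_READ) != 0)
            rc = 5;                    /* could not return to read-only */
        else if (lseek(fd, 0, SEEK_SET) != 0 || read(fd, on_disk, 4) != 4
                 || memcmp(on_disk, "orig", 4) != 0 || memcmp(data, "fix!", 4) != 0)
            rc = 6;                    /* MAP_PRIVATE must leave the file as it was */
    }
    if (data != NULL)
        munmap(data, len);
    close(fd);
    return rc;
}
int main(void) { return demo_patch_in_place(); }
```

A non-zero return value identifies the step that failed, which makes it easy to see on a given platform whether the later upgrade to PROT_WRITE is accepted.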