Re: [PATCH v1 0/3] perf/binfmt/mm: remove in-tree usage of MAP_EXECUTABLE

From: Kees Cook
Date: Wed Apr 21 2021 - 15:21:44 EST


On Wed, Apr 21, 2021 at 02:03:49PM -0500, Eric W. Biederman wrote:
> David Hildenbrand <david@xxxxxxxxxx> writes:
>
> > Stumbling over the history of MAP_EXECUTABLE, I noticed that we still
> > have some in-tree users that we can get rid of.
> >
> > A good fit for the whole series could be Andrew's tree.
>
> In general this looks like a good cleanup.
>
> Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Yeah, the PROT_EXEC parts are the only piece with meaning in the exec
allocations.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

> As far as I can see we can go after MAP_DENYWRITE the same way.
> Today deny_write_access in open_exec is what causes -ETXTBSY
> when attempting to write to file that is current executing.

Oh, interesting point. I didn't realize MAP_DENYWRITE was separate from
deny_write_access().

-Kees

--
Kees Cook