[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tinycc-devel] malloc and mmap vs. "-run"

From: Fabrice Bellard
Subject: Re: [Tinycc-devel] malloc and mmap vs. "-run"
Date: Fri, 27 Oct 2006 22:15:44 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

Fred Weigel wrote:

In my understanding, SELinux (and other current practice) NEVER allows
malloc() memory to be executable. The Linux mmap model allows the
execute bit to be enabled for malloc memory, but this is a deviation
from POSIX.

Memory that is to be executable should be obtained from mmap(). Also, it
should NOT be writable (otherwise, another SELinux exception will be
triggered). This means that the memory must be mapped twice -- once to
execute, and once to write.

This is the issue that is causing TCC to not do the "-run" on Fedora
Core 5. As soon as the new "main()" is called (attempted), an access
violation is raised (and correctly so -- this may have been an attempted
buffer overrun exploit, etc.).

As I see it, we have several ways out: (1) "-run" creates an executable
which is then run via normal exec() semantics. This is an "easy" fix.
(2) Modify the entire compiler to use mmap() semantics rather than
malloc(). (3) Leave the malloc() semantics in place, and do a final copy
when tcc_run() is executed. This final copy is to mmap() memory, with
the correct permissions.

I am leaning toward solution (3) -- it is POSIX compliant, and Fedora
Core compliant, and shouldn't break existing systems. It is also
isolated enough that a conditional compilation can be put around it.

What do you think?

Using mmap() for ELF section allocation could be doable, provided mremap() is used to grow them.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]