diff options
| author |   deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
| commit | 9f25ea0444789356f96f36dfcfb511298f4ea099 (patch) | |
| tree | aafbce4074a5cde5dbdc3c3a5324bee65ac5545d /sbin | |
| parent | Use getprogname() instead of __progname to make portability easier. (diff) | |
| download | wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.tar.xz wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.zip | |
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/mount/mntopts.h | 3 | ||||
| -rw-r--r-- | sbin/mount/mount.8 | 15 | ||||
| -rw-r--r-- | sbin/mount/mount.c | 3 | ||||
| -rw-r--r-- | sbin/mount_ffs/mount_ffs.c | 3 | ||||
| -rw-r--r-- | sbin/mount_nfs/mount_nfs.c | 3 |
5 files changed, 21 insertions, 6 deletions
diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h index da0ea3f6f10..6c51ed72155 100644 --- a/sbin/mount/mntopts.h +++ b/sbin/mount/mntopts.h @@ -1,4 +1,4 @@ -/* $OpenBSD: mntopts.h,v 1.16 2014/07/13 12:01:30 claudio Exp $ */ +/* $OpenBSD: mntopts.h,v 1.17 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mntopts.h,v 1.3 1995/03/18 14:56:59 cgd Exp $ */ /*- @@ -58,6 +58,7 @@ union mntval { #define MOPT_NODEV { "dev", MNT_NODEV, MFLAG_INVERSE | MFLAG_SET } #define MOPT_NOEXEC { "exec", MNT_NOEXEC, MFLAG_INVERSE | MFLAG_SET } #define MOPT_NOSUID { "suid", MNT_NOSUID, MFLAG_INVERSE | MFLAG_SET } +#define MOPT_WXALLOWED { "wxallowed", MNT_WXALLOWED, MFLAG_SET } #define MOPT_RDONLY { "rdonly", MNT_RDONLY, MFLAG_SET } #define MOPT_SYNC { "sync", MNT_SYNCHRONOUS, MFLAG_SET } #define MOPT_USERQUOTA { "userquota", 0, MFLAG_SET | MFLAG_STRVAL \ diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index 3a2e9e63fce..2a0ccb7d0e3 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount.8,v 1.77 2014/09/08 04:40:30 doug Exp $ +.\" $OpenBSD: mount.8,v 1.78 2016/05/27 19:45:04 deraadt Exp $ .\" $NetBSD: mount.8,v 1.11 1995/07/12 06:23:21 cgd Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)mount.8 8.7 (Berkeley) 3/27/94 .\" -.Dd $Mdocdate: September 8 2014 $ +.Dd $Mdocdate: May 27 2016 $ .Dt MOUNT 8 .Os .Sh NAME @@ -234,6 +234,17 @@ are mutually exclusive. .It sync Regular data I/O to the file system should be done synchronously. By default, only metadata is read/written synchronously. +.It wxallowed +Processes that ask for memory to be made writeable plus executable +using the +.Xr mmap 2 +and +.Xr mprotect 2 +system calls are killed by default. +This option allows those processes to continue operation. +The option is typically used on the +.Pa /usr/local +filesystem. .It update The same as .Fl u ; diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c index 01463a3855f..4758d441a7a 100644 --- a/sbin/mount/mount.c +++ b/sbin/mount/mount.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount.c,v 1.63 2016/05/25 13:56:37 deraadt Exp $ */ +/* $OpenBSD: mount.c,v 1.64 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mount.c,v 1.24 1995/11/18 03:34:29 cgd Exp $ */ /* @@ -88,6 +88,7 @@ static struct opt { { MNT_NODEV, 0, "nodev", "nodev" }, { MNT_NOEXEC, 0, "noexec", "noexec" }, { MNT_NOSUID, 0, "nosuid", "nosuid" }, + { MNT_WXALLOWED, 0, "wxallowed", "wxallowed" }, { MNT_QUOTA, 0, "with quotas", "" }, { MNT_RDONLY, 0, "read-only", "ro" }, { MNT_ROOTFS, 1, "root file system", "" }, diff --git a/sbin/mount_ffs/mount_ffs.c b/sbin/mount_ffs/mount_ffs.c index f2c5ee2568a..98b8ad795cc 100644 --- a/sbin/mount_ffs/mount_ffs.c +++ b/sbin/mount_ffs/mount_ffs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_ffs.c,v 1.22 2015/12/08 15:56:42 tedu Exp $ */ +/* $OpenBSD: mount_ffs.c,v 1.23 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mount_ffs.c,v 1.3 1996/04/13 01:31:19 jtc Exp $ */ /*- @@ -47,6 +47,7 @@ void ffs_usage(void); static const struct mntopt mopts[] = { MOPT_STDOPTS, + MOPT_WXALLOWED, MOPT_ASYNC, MOPT_SYNC, MOPT_UPDATE, diff --git a/sbin/mount_nfs/mount_nfs.c b/sbin/mount_nfs/mount_nfs.c index 8d3094a8fa9..21b4cc54e77 100644 --- a/sbin/mount_nfs/mount_nfs.c +++ b/sbin/mount_nfs/mount_nfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_nfs.c,v 1.52 2015/01/16 06:39:59 deraadt Exp $ */ +/* $OpenBSD: mount_nfs.c,v 1.53 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: mount_nfs.c,v 1.12.4.1 1996/05/25 22:48:05 fvdl Exp $ */ /* @@ -85,6 +85,7 @@ const struct mntopt mopts[] = { MOPT_STDOPTS, + MOPT_WXALLOWED, MOPT_FORCE, MOPT_UPDATE, MOPT_SYNC, |