Identify W^X labelled binaries at execve() time based upon WX_OPENBSD_WXNEEDED

flag set by ld -zwxneeded.  Such binaries are allowed to run only on wxallowed
mountpoints.  They do not report mmap/mprotect problems.

Rate limit mmap/mprotect reports from other binaries.

These semantics are chosen to encourage progress in the ports ecosystem,
without overwhelming the developers who work in the area.
ok sthen kettenis

1 files changed, 19 insertions, 1 deletions

diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c
index f0093ea45fd..2bf3ce991ec 100644
--- a/sys/kern/exec_elf.c
+++ b/sys/kern/exec_elf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exec_elf.c,v 1.123 2016/05/30 21:25:48 deraadt Exp $	*/
+/*	$OpenBSD: exec_elf.c,v 1.124 2016/05/30 21:31:29 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1996 Per Fogelstrom
@@ -76,6 +76,7 @@
 #include <sys/namei.h>
 #include <sys/vnode.h>
 #include <sys/core.h>
+#include <sys/syslog.h>
 #include <sys/exec.h>
 #include <sys/exec_elf.h>
 #include <sys/file.h>
@@ -880,6 +881,23 @@ ELFNAME(os_pt_note)(struct proc *p, struct exec_package *epp, Elf_Ehdr *eh,
 		goto out1;
 
 	for (ph = hph;  ph < &hph[eh->e_phnum]; ph++) {
+		if (ph->p_type == PT_OPENBSD_WXNEEDED) {
+			int wxallowed = (epp->ep_vp->v_mount &&
+			    (epp->ep_vp->v_mount->mnt_flag & MNT_WXALLOWED));
+			
+			if (!wxallowed) {
+				log(LOG_NOTICE,
+				    "%s(%d): W^X binary outside wxallowed mountpoint\n",
+				    epp->ep_name, p->p_pid);
+				error = ENOEXEC;
+				goto out1;
+			}
+			epp->ep_flags |= EXEC_WXNEEDED;
+			break;
+		}
+	}
+
+	for (ph = hph;  ph < &hph[eh->e_phnum]; ph++) {
 		if (ph->p_type != PT_NOTE ||
 		    ph->p_filesz > 1024 ||
 		    ph->p_filesz < sizeof(Elf_Note) + name_size)