diff options
| author |   deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2016-05-27 19:45:04 +0000 |
| commit | 9f25ea0444789356f96f36dfcfb511298f4ea099 (patch) | |
| tree | aafbce4074a5cde5dbdc3c3a5324bee65ac5545d /sys/kern | |
| parent | Use getprogname() instead of __progname to make portability easier. (diff) | |
| download | wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.tar.xz wireguard-openbsd-9f25ea0444789356f96f36dfcfb511298f4ea099.zip | |
W^X violations are no longer permitted by default. A kernel log message
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/kern_sysctl.c | 5 | ||||
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 6 |
2 files changed, 7 insertions, 4 deletions
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index b3c854376fe..24c783637e2 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sysctl.c,v 1.304 2016/05/23 15:59:19 deraadt Exp $ */ +/* $OpenBSD: kern_sysctl.c,v 1.305 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */ /*- @@ -278,6 +278,7 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, extern int usermount, nosuidcoredump; extern int maxlocksperuid; extern int pool_debug; + extern int uvm_wxabort; /* all sysctl names at this level are terminal except a ton of them */ if (namelen != 1) { @@ -590,6 +591,8 @@ kern_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp, } return(0); } + case KERN_WXABORT: + return (sysctl_int(oldp, oldlenp, newp, newlen, &uvm_wxabort)); case KERN_CONSDEV: if (cn_tab != NULL) dev = cn_tab->cn_dev; diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 7a0aa126a59..6798f32f8a5 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.254 2016/05/15 05:04:28 semarie Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.255 2016/05/27 19:45:04 deraadt Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -252,10 +252,10 @@ update: mp->mnt_flag |= MNT_RDONLY; else if (mp->mnt_flag & MNT_RDONLY) mp->mnt_flag |= MNT_WANTRDWR; - mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_NODEV | + mp->mnt_flag &=~ (MNT_NOSUID | MNT_NOEXEC | MNT_WXALLOWED | MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_SOFTDEP | MNT_NOATIME | MNT_FORCE); - mp->mnt_flag |= flags & (MNT_NOSUID | MNT_NOEXEC | + mp->mnt_flag |= flags & (MNT_NOSUID | MNT_NOEXEC | MNT_WXALLOWED | MNT_NODEV | MNT_SYNCHRONOUS | MNT_ASYNC | MNT_SOFTDEP | MNT_NOATIME | MNT_FORCE); /* |