fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-01-04 15:45:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Kernel: Enforce W^X between sys$mmap() and sys$execve()

Browse Source 
It's now an error to sys$mmap() a file as writable if it's currently
mapped executable by anyone else.

It's also an error to sys$execve() a file that's currently mapped
writable by anyone else.

This fixes a race condition vulnerability where one program could make
modifications to an executable while another process was in the kernel,
in the middle of exec'ing the same executable.

Test: Kernel/elf-execve-mmap-race.cpp
This commit is contained in:
Andreas Kling
2020-01-18 23:31:29 +01:00
parent 7ea264a660
commit 862b3ccb4e
4 changed files with 183 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Kernel/VM/InodeVMObject.cpp
View File

@@ -175,3 +175,23 @@ int InodeVMObject::release_all_clean_pages_impl()
});
return count;
}
u32 InodeVMObject::writable_mappings() const
{
u32 count = 0;
const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
if (region.is_writable())
++count;
});
return count;
}
u32 InodeVMObject::executable_mappings() const
{
u32 count = 0;
const_cast<InodeVMObject&>(*this).for_each_region([&](auto& region) {
if (region.is_executable())
++count;
});
return count;
}