diff options
| -rw-r--r-- | Base/usr/share/man/man2/mount.md | 1 | ||||
| -rw-r--r-- | Kernel/API/POSIX/unistd.h | 1 | ||||
| -rw-r--r-- | Kernel/Syscalls/mmap.cpp | 2 | ||||
| -rw-r--r-- | Userland/Applications/SystemMonitor/main.cpp | 1 | ||||
| -rw-r--r-- | Userland/Utilities/mount.cpp | 4 |
5 files changed, 8 insertions, 1 deletions
diff --git a/Base/usr/share/man/man2/mount.md b/Base/usr/share/man/man2/mount.md index 9953b2dbb4..0dd9c99a41 100644 --- a/Base/usr/share/man/man2/mount.md +++ b/Base/usr/share/man/man2/mount.md @@ -38,6 +38,7 @@ The following `flags` are supported: * `MS_RDONLY`: Mount the filesystem read-only. * `MS_REMOUNT`: Remount an already mounted filesystem (see below). * `MS_WXALLOWED`: Allow W^X protection circumvention for executables on this file system. +* `MS_AXALLOWED`: Allow anonymous executable mappings for executables on this file system. These flags can be used as a security measure to limit the possible abuses of the newly mounted file system. diff --git a/Kernel/API/POSIX/unistd.h b/Kernel/API/POSIX/unistd.h index db26821fba..efa35bce14 100644 --- a/Kernel/API/POSIX/unistd.h +++ b/Kernel/API/POSIX/unistd.h @@ -28,6 +28,7 @@ extern "C" { #define MS_RDONLY (1 << 4) #define MS_REMOUNT (1 << 5) #define MS_WXALLOWED (1 << 6) +#define MS_AXALLOWED (1 << 7) enum { _SC_MONOTONIC_CLOCK, diff --git a/Kernel/Syscalls/mmap.cpp b/Kernel/Syscalls/mmap.cpp index 94d9ada8b2..998f4b1de5 100644 --- a/Kernel/Syscalls/mmap.cpp +++ b/Kernel/Syscalls/mmap.cpp @@ -75,7 +75,7 @@ ErrorOr<void> Process::validate_mmap_prot(int prot, bool map_stack, bool map_ano bool make_writable = prot & PROT_WRITE; bool make_executable = prot & PROT_EXEC; - if (map_anonymous && make_executable) + if (map_anonymous && make_executable && !(executable()->mount_flags() & MS_AXALLOWED)) return EINVAL; if (map_stack && make_executable) diff --git a/Userland/Applications/SystemMonitor/main.cpp b/Userland/Applications/SystemMonitor/main.cpp index a97f4c3a12..98065b3599 100644 --- a/Userland/Applications/SystemMonitor/main.cpp +++ b/Userland/Applications/SystemMonitor/main.cpp @@ -287,6 +287,7 @@ public: check(MS_BIND, "bind"); check(MS_RDONLY, "ro"); check(MS_WXALLOWED, "wxallowed"); + check(MS_AXALLOWED, "axallowed"); if (builder.string_view().is_empty()) return String("defaults"); return builder.to_string(); diff --git a/Userland/Utilities/mount.cpp b/Userland/Utilities/mount.cpp index 8479d7b5fb..ac19c70e92 100644 --- a/Userland/Utilities/mount.cpp +++ b/Userland/Utilities/mount.cpp @@ -38,6 +38,8 @@ static int parse_options(StringView options) flags |= MS_REMOUNT; else if (part == "wxallowed") flags |= MS_WXALLOWED; + else if (part == "axallowed") + flags |= MS_AXALLOWED; else warnln("Ignoring invalid option: {}", part); } @@ -180,6 +182,8 @@ static ErrorOr<void> print_mounts() out(",bind"); if (mount_flags & MS_WXALLOWED) out(",wxallowed"); + if (mount_flags & MS_AXALLOWED) + out(",axallowed"); outln(")"); }); |