diff options
author | Rich Felker <dalias@aerifal.cx> | 2012-05-04 22:51:59 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2012-05-04 22:51:59 -0400 |
commit | 7e4d79464adc3140b03f6e92a902d061c99b9ebe (patch) | |
tree | 9ba88cd3bcefe5bb23234c21de44dbc550d779d6 /src | |
parent | f8e054f95197bf9c4463122fba3ebc586d4a99f6 (diff) | |
download | musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.tar.gz musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.tar.bz2 musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.tar.xz musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.zip |
make pthread stacks non-executable
this change is necessary or pthread_create will always fail on
security-hardened kernels. i considered first trying to make the stack
executable and simply retrying without execute permissions when the
first try fails, but (1) this would incur a serious performance
penalty on hardened systems, and (2) having the stack be executable is
just a bad idea from a security standpoint.
if there is real-world "GNU C" code that uses nested functions with
threads, and it can't be fixed, we'll have to consider other ways of
solving the problem, but for now this seems like the best fix.
Diffstat (limited to 'src')
-rw-r--r-- | src/thread/pthread_create.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c index c3b65ae9..917be54f 100644 --- a/src/thread/pthread_create.c +++ b/src/thread/pthread_create.c @@ -104,7 +104,7 @@ int pthread_create(pthread_t *res, const pthread_attr_t *attr, void *(*entry)(vo size = guard + ROUND(attr->_a_stacksize + DEFAULT_STACK_SIZE); } size += __pthread_tsd_size; - map = mmap(0, size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0); + map = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); if (map == MAP_FAILED) return EAGAIN; if (guard) mprotect(map, guard, PROT_NONE); |