Hi Florent, On Wed, Oct 11, 2023 at 01:47:44PM +0200, Florent Revest wrote: > Memory-Deny-Write-Execute is a W^X process control originally introduced > by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag. > > Signed-off-by: Florent Revest <revest@xxxxxxxxxxxx> > --- Patch applied. <https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=457ca4a9ae3eae9835a5c011851c4eb88b49d322> Thanks, Alex > > Diff since v1: > - Use semantic newlines > - Document that PR_MDWE_NO_INHERIT requires PR_MDWE_REFUSE_EXEC_GAIN > - Use "bit mask" instead of "bitmask" according to the style guide > - Removed an empty comment line > > man2/prctl.2 | 30 ++++++++++++++++++++++++++++++ > 1 file changed, 30 insertions(+) > > diff --git a/man2/prctl.2 b/man2/prctl.2 > index d845b0905..83060edd9 100644 > --- a/man2/prctl.2 > +++ b/man2/prctl.2 > @@ -2041,6 +2041,36 @@ the copy will be truncated. > Return (as the function result) > the full length of the auxiliary vector. > \fIarg4\fP and \fIarg5\fP must be 0. > +.TP > +.BR PR_SET_MDWE " (since Linux 6.3)" > +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 > +Set the calling process' Memory-Deny-Write-Execute protection mask. > +Once protection bits are set, > +they can not be changed. > +.IR arg2 This should've been .I. I've amended the patch: diff --git a/man2/prctl.2 b/man2/prctl.2 index 83060edd9..de53acfb0 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 
@@ -2047,7 +2047,7 @@ .SH DESCRIPTION Set the calling process' Memory-Deny-Write-Execute protection mask. Once protection bits are set, they can not be changed. -.IR arg2 +.I arg2 must be a bit mask of: .RS .TP > +must be a bit mask of: > +.RS > +.TP > +.B PR_MDWE_REFUSE_EXEC_GAIN > +New memory mapping protections can't be writable and executable. > +Non-executable mappings can't become executable. > +.TP > +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)" > +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0 > +Do not propagate MDWE protection to child processes on > +.BR fork (2). > +Setting this bit requires setting > +.B PR_MDWE_REFUSE_EXEC_GAIN > +too. > +.RE > +.TP > +.BR PR_GET_MDWE " (since Linux 6.3)" > +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 > +Return (as the function result) the Memory-Deny-Write-Execute protection mask > +of the calling process. > +(See > +.B PR_SET_MDWE > +for information on the protection mask bits.) > .SH RETURN VALUE > On success, > .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , > -- > 2.42.0.655.g421f12c284-goog > -- <https://www.alejandro-colomar.es/>
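Review bot: In the quoted hunk of the original patch, `.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"` uses `.B` with two arguments, so the "(since Linux 6.6)" suffix is set in bold together with the constant. The neighbouring tags use `.BR PR_SET_MDWE " (since Linux 6.3)"` and `.BR PR_GET_MDWE " (since Linux 6.3)"`, which keep the suffix in roman; switching this line to `.BR` would match them. The new text also does not say what arg3, arg4 and arg5 must be for either operation, although the context line just above the additions states "arg4 and arg5 must be 0" for the preceding one. Nor does it say how a refused mapping or a rejected mask change is reported to the caller. Since the diffstat shows only this one block of insertions, a sentence on each point, plus matching ERRORS entries, would help readers who rely on this as a W^X control.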
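Review bot: In the amended hunk, the context line "they can not be changed." leaves open whether further bits may be added to the mask by a later call or whether the whole mask is frozen after the first successful PR_SET_MDWE. Saying which of the two holds would make the sentence precise for callers that set PR_MDWE_REFUSE_EXEC_GAIN first and consider PR_MDWE_NO_INHERIT afterwards. As a wording point on the same line, "can not" would read better as "cannot".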