Hi,

Maybe this is a stupid question and I didn't test this with SELinux, but it looks to me that SELinux execmem does not prevent a process from getting writable and executable memory mappings by using shmat(..., SHM_EXEC). Shouldn't this be blocked by execmem? I suppose it is there to prevent this kind of memory access.

Here's a test program:

    #include <sys/ipc.h>
    #include <sys/shm.h>

    int main(void)
    {
            int shmid;
            char *execmem;
            void (*fn)(void);

            shmid = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777);
            execmem = shmat(shmid, 0, SHM_EXEC);
            shmctl(shmid, IPC_RMID, 0);
            *execmem = 0xc3; // retq
            fn = (void (*)(void))execmem;
            fn();
            shmdt(execmem);
    }

-Topi
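To see what mapping a process like the test program above ends up with, the following added example (not part of the original post) classifies lines in /proc/<pid>/maps format and flags writable+executable mappings, separating System V shm attachments by the /SYSV<key> name they carry in that file. The sample lines, the enum and the function name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum wx_class { WX_BAD_LINE = -1, WX_NONE, WX_OTHER, WX_SYSV_SHM };

/* Constructed sample lines in /proc/<pid>/maps format (not captured output). */
static const char *SAMPLE[] = {
    "55d0c0a00000-55d0c0a01000 r-xp 00000000 fd:01 1311 /tmp/shmtest",
    "7f3a10000000-7f3a10001000 rwxs 00000000 00:01 32769 /SYSV00000000 (deleted)",
    "7f3a10200000-7f3a10201000 rwxp 00000000 00:00 0",
    "7ffc5a1e0000-7ffc5a201000 rw-p 00000000 00:00 0 [stack]",
};

/* Line layout: start-end perms offset dev inode [pathname].
 * WX_SYSV_SHM: writable+executable System V shm attach.
 * WX_OTHER:    any other writable+executable mapping.
 * WX_NONE:     mapping is not both writable and executable. */
enum wx_class classify_maps_line(const char *line)
{
    unsigned long long start, end, off;
    unsigned long inode;
    unsigned int maj, min;
    char perms[5], path[256] = "";
    int n = sscanf(line, "%llx-%llx %4s %llx %x:%x %lu %255[^\n]",
                   &start, &end, perms, &off, &maj, &min, &inode, path);
    if (n < 7 || strlen(perms) != 4)
        return WX_BAD_LINE;
    if (perms[1] != 'w' || perms[2] != 'x')
        return WX_NONE;
    /* SysV segments are named /SYSV<key in hex>; IPC_PRIVATE is key 0. */
    return strncmp(path, "/SYSV", 5) == 0 ? WX_SYSV_SHM : WX_OTHER;
}

int main(int argc, char **argv)
{
    char buf[512];
    FILE *f = argc > 1 ? fopen(argv[1], "r") : NULL; /* e.g. /proc/1234/maps */
    if (argc > 1 && !f) { perror(argv[1]); return 2; }
    for (size_t i = 0; ; i++) {
        const char *line = buf;
        if (f) { if (!fgets(buf, sizeof buf, f)) break; }
        else if (i < sizeof SAMPLE / sizeof *SAMPLE) line = SAMPLE[i];
        else break;
        enum wx_class c = classify_maps_line(line);
        if (c == WX_SYSV_SHM || c == WX_OTHER)
            printf("%s W+X: %.*s\n", c == WX_SYSV_SHM ? "sysv-shm" : "other",
                   (int)strcspn(line, "\n"), line);
    }
    if (f) fclose(f);
    return 0;
}
```

Run without arguments it checks the constructed samples; given a path such as /proc/<pid>/maps it checks a live process.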