Index: linux-2.6/security/selinux/avc.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/avc.c,v
retrieving revision 1.47
diff -u -r1.47 avc.c
--- linux-2.6/security/selinux/avc.c	27 Oct 2004 20:09:53 -0000	1.47
+++ linux-2.6/security/selinux/avc.c	10 Nov 2004 14:51:22 -0000
@@ -576,6 +576,8 @@
 				vma = vma->vm_next;
 			}
 			up_read(&mm->mmap_sem);
+		} else {
+			audit_log_format(ab, " comm=%s", tsk->comm);
 		}
 		if (tsk != current)
 			mmput(mm);
Index: linux-2.6/security/selinux/hooks.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.132
diff -u -r1.132 hooks.c
--- linux-2.6/security/selinux/hooks.c	25 Oct 2004 12:51:44 -0000	1.132
+++ linux-2.6/security/selinux/hooks.c	10 Nov 2004 14:45:22 -0000
@@ -2441,6 +2441,17 @@
 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
 {
+	if ((prot & PROT_EXEC) && (!file || (!shared && (prot & PROT_WRITE)))) {
+		/*
+		 * We are making executable an anonymous mapping or a
+		 * private file mapping that will be writable or has been
+		 * written before. This has an additional check.
+		 */
+		int rc = task_has_perm(current, current, PROCESS__EXECMEM);
+		if (rc)
+			return rc;
+	}
+
 	if (file) {
 		/* read access is always possible with a mapping */
 		u32 av = FILE__READ;
 
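Review bot: The new `} else {` branch is the path on which no mm was obtained for tsk (the `if (mm)` it pairs with sits above the hunk, so this is inferred from the `up_read(&mm->mmap_sem)` it closes), yet the unchanged `if (tsk != current) mmput(mm);` two lines below still runs there, and mmput() dereferences its argument to drop mm_users, so a NULL mm would oops when auditing a kernel thread or an exiting task. Either guard it, `if (tsk != current && mm)`, or move the mmput() call up into the `if (mm)` block next to up_read(). Separately, `tsk->comm` is a name the process chooses for itself (via exec or prctl) and is written into a space-delimited key=value record with a bare `%s`; a comm containing spaces, quotes or `=` makes the record ambiguous to log parsers, so the value should be quoted or escaped (later audit cores provide audit_log_untrustedstring() for exactly this) rather than emitted raw. The enclosing function starts and ends outside the hunk.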
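Review bot: The comment above the PROCESS__EXECMEM check describes a narrower condition than the code enforces: for an anonymous mapping (`!file`) the permission is required whenever PROT_EXEC is requested, regardless of PROT_WRITE, and the write qualifier only applies to the private file-mapping case; suggest `/* Anonymous mappings always need execmem when made executable; private file mappings need it only if they are writable now or were written before (the mprotect hook folds the latter into prot). */`. Because this check returns before the `if (file)` block, a denial here is audited as execmem alone and the file read/execute checks below are never evaluated for that call, which is worth stating for anyone reading AVC records. The body of file_map_prot_check continues past the hunk.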
@@ -2478,6 +2489,15 @@
 	if (rc)
 		return rc;
+	if (vma->vm_file != NULL && vma->anon_vma != NULL) {
+		/*
+		 * This is a file mapping that has had some COW done.
+		 * Since pages might have been written, apply the check
+		 * for having writable and executable anonymous pages.
+		 */
+		prot |= PROT_WRITE;
+	}
+
 	return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
 }
Index: linux-2.6/security/selinux/include/av_perm_to_string.h
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/include/av_perm_to_string.h,v
retrieving revision 1.15
diff -u -r1.15 av_perm_to_string.h
--- linux-2.6/security/selinux/include/av_perm_to_string.h	5 Oct 2004 17:35:29 -0000	1.15
+++ linux-2.6/security/selinux/include/av_perm_to_string.h	10 Nov 2004 14:45:22 -0000
@@ -62,6 +62,7 @@
    S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
    S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
    S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+   S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
    S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
    S_(SECCLASS_MSG, MSG__SEND, "send")
    S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
Index: linux-2.6/security/selinux/include/av_permissions.h
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/include/av_permissions.h,v
retrieving revision 1.14
diff -u -r1.14 av_permissions.h
--- linux-2.6/security/selinux/include/av_permissions.h	5 Oct 2004 17:35:29 -0000	1.14
+++ linux-2.6/security/selinux/include/av_permissions.h	10 Nov 2004 14:45:22 -0000
@@ -456,6 +456,7 @@
 #define PROCESS__SIGINH                           0x00100000UL
 #define PROCESS__SETRLIMIT                        0x00200000UL
 #define PROCESS__RLIMITINH                        0x00400000UL
+#define PROCESS__EXECMEM                          0x00800000UL
 #define IPC__CREATE                               0x00000001UL
 #define IPC__DESTROY                              0x00000002UL
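Review bot: `vma->anon_vma != NULL` is used as the signal that a private file mapping has been written, but anon_vma is a per-VMA object that the mm layer may attach for reasons other than a COW fault in this VMA (it can be inherited when adjacent VMAs are merged), so the heuristic can deny an mprotect(PROT_EXEC) on a mapping that was never written; that is the safe direction, but the comment should say so: `/* anon_vma is a conservative indicator: it is set once any COW has happened here and may be inherited by merging, so this may over-deny but should not under-deny. */`. The forced `prot |= PROT_WRITE` is also applied without looking at VM_SHARED; restricting it to private mappings, `if (vma->vm_file != NULL && vma->anon_vma != NULL && !(vma->vm_flags & VM_SHARED))`, would match the stated intent and keep a synthetic PROT_WRITE from reaching the shared-mapping checks inside file_map_prot_check. The start of the enclosing function is outside the hunk.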