On Wed, 2004-11-10 at 10:35, Stephen Smalley wrote:
> Ok, based on feedback and some sample code from Roland McGrath (but any
> bugs are likely mine), here are revised kernel and policy patches with
> the following changes:
> - permission name has changed from wxpage to execmem to more accurately
>   represent the meaning,
> - always check this permission for any executable anonymous mapping,
>   whether presently writable or not,
> - check this permission not only for a writable executable private file
>   mapping, but also for an executable private file mapping that has been
>   previously written (based on whether a COW has occurred for the
>   mapping).
>
> This brings the check closer to the goal of controlling the ability to
> make executable a mapping that can contain data not covered by file
> permission checks.
>
> Constructive comments welcome.

I've attached the final form of the kernel patch (and a corresponding
policy patch) that is being committed to our tree. This patch differs
from the previous version in that it splits the single execmem
permission check into two separate permission checks:

1) a task->self execmem check for making executable anonymous mappings
   and for making writable executable private file mappings, and
2) a task->file execmod check for making executable previously written
   private file mappings (e.g. text relocations).

-- 
Stephen Smalley
National Security Agency
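The three mapping operations the two checks govern, as an added example for this message (not the attached patch and not code from the SELinux tree). `required_checks` is a hypothetical model of the rules as stated above (anonymous executable mapping or writable executable private file mapping: execmem; executable private file mapping that was previously written: execmod). The three `probe_*` functions actually perform each operation and report whether the running kernel allowed it, which lets an administrator confirm that a domain is really denied execmem/execmod by the loaded policy (EACCES/EPERM is what a denial looks like from userspace, with a matching AVC message in the audit log). Mapping `/proc/self/exe` as the private file is this example's own choice, with a one-page temporary file as fallback; on a kernel without these checks all three probes report "allowed".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* The two checks named in the message, as a bitmask. */
#define CHECK_NONE    0
#define CHECK_EXECMEM 1   /* task->self execmem */
#define CHECK_EXECMOD 2   /* task->file execmod */

/* Hypothetical model of the rules in the message: which check(s) govern a
 * mapping being made executable.  exec: PROT_EXEC requested; anonymous: no
 * backing file; shared: MAP_SHARED; writable: PROT_WRITE in the resulting
 * protection; cow_done: the private file mapping was already written. */
int required_checks(int exec, int anonymous, int shared, int writable, int cow_done)
{
    int checks = CHECK_NONE;
    if (!exec)
        return checks;              /* only executable mappings are covered */
    if (anonymous || (!shared && writable))
        checks |= CHECK_EXECMEM;    /* anon exec, or writable exec private file mapping */
    if (!anonymous && !shared && cow_done)
        checks |= CHECK_EXECMOD;    /* exec on a previously written private file mapping */
    return checks;
}

/* Verdict codes returned by the probes. */
enum { PROBE_ERROR = -1, PROBE_DENIED = 0, PROBE_ALLOWED = 1 };

/* A failed mmap/mprotect with EACCES or EPERM is what a policy denial looks like. */
static int failure_verdict(void)
{
    return (errno == EACCES || errno == EPERM) ? PROBE_DENIED : PROBE_ERROR;
}

/* Read-only fd to map privately.  /proc/self/exe is preferred (executable, at
 * least one page long); the fallback is a one-page temporary file, which may
 * live on a noexec mount and then be refused for reasons unrelated to SELinux. */
static int open_backing_file(void)
{
    int fd = open("/proc/self/exe", O_RDONLY);
    if (fd >= 0)
        return fd;
    FILE *tmp = tmpfile();
    if (!tmp)
        return -1;
    char page[4096] = {0};
    if (fwrite(page, sizeof page, 1, tmp) != 1 || fflush(tmp) != 0) {
        fclose(tmp);
        return -1;
    }
    fd = dup(fileno(tmp));          /* keep an fd alive after the FILE is closed */
    fclose(tmp);
    return fd;
}

/* Case 1: executable anonymous mapping -> execmem. */
int probe_anon_exec(void)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return failure_verdict();
    munmap(p, page);
    return PROBE_ALLOWED;
}

/* Case 2: writable executable private file mapping -> execmem. */
int probe_private_file_wx(void)
{
    long page = sysconf(_SC_PAGESIZE);
    int fd = open_backing_file();
    if (fd < 0)
        return PROBE_ERROR;
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0);
    int verdict = (p == MAP_FAILED) ? failure_verdict() : PROBE_ALLOWED;
    if (p != MAP_FAILED)
        munmap(p, page);
    close(fd);
    return verdict;
}

/* Case 3: private file mapping written first (COW), then made executable ->
 * execmod.  This is the text-relocation pattern the message mentions. */
int probe_cow_then_exec(void)
{
    long page = sysconf(_SC_PAGESIZE);
    int fd = open_backing_file();
    if (fd < 0)
        return PROBE_ERROR;
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED) {
        close(fd);
        return PROBE_ERROR;         /* the RW mapping itself is not what is under test */
    }
    p[0] ^= 0xff;                   /* touch the private copy: the COW happens here */
    int verdict = (mprotect(p, page, PROT_READ | PROT_EXEC) == 0) ? PROBE_ALLOWED
                                                                  : failure_verdict();
    munmap(p, page);
    close(fd);
    return verdict;
}

int main(void)
{
    printf("anon RWX mmap         (execmem): %d\n", probe_anon_exec());
    printf("private file RWX mmap (execmem): %d\n", probe_private_file_wx());
    printf("COW then mprotect RX  (execmod): %d\n", probe_cow_then_exec());
    return 0;
}
```

Run it in the domain whose policy you are checking: a probe printing 0 where the policy denies the permission confirms the check is enforced, and the corresponding AVC denial names the domain (execmem) or the file (execmod) that would need an allow rule if the behaviour is legitimate.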