author | Topi Miettinen <toiwoton@gmail.com> | 2022-11-06 20:12:45 +0100 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2023-03-13 19:44:36 +0100 |
commit | 7a114ed4b39e9670f6a511f3eecb6fd58274d27b (patch) | |
tree | 72914d8845216087ad2983e13ce036c0518ba205 /src/basic/missing_prctl.h | |
parent | Merge pull request #26749 from DaanDeMeyer/more-cleanups (diff) | |
execute: use prctl(PR_SET_MDWE) for MemoryDenyWriteExecute=yes

On some ARM platforms, the dynamic linker could use the PROT_BTI memory protection
flag with `mprotect(..., PROT_BTI | PROT_EXEC)` to enable additional memory
protection for executable pages. But `MemoryDenyWriteExecute=yes` blocks this
with a seccomp filter denying all `mprotect(..., x | PROT_EXEC)`.

The newly preferred method is to use prctl(PR_SET_MDWE) on supported kernels. Then
the in-kernel implementation can allow PROT_BTI as necessary, without weakening
MDWE. The in-kernel version may also be extended to more sophisticated protections
in the future.

Diffstat (limited to 'src/basic/missing_prctl.h')
-rw-r--r-- | src/basic/missing_prctl.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/basic/missing_prctl.h b/src/basic/missing_prctl.h index ab851306ba..016085bb02 100644 --- a/src/basic/missing_prctl.h +++ b/src/basic/missing_prctl.h @@ -12,3 +12,11 @@ #define PR_CAP_AMBIENT_LOWER 3 #define PR_CAP_AMBIENT_CLEAR_ALL 4 #endif + +/* b507808ebce23561d4ff8c2aa1fb949fe402bc61 (6.3) */ +#ifndef PR_SET_MDWE +#define PR_SET_MDWE 65 +#endif +#ifndef PR_MDWE_REFUSE_EXEC_GAIN +#define PR_MDWE_REFUSE_EXEC_GAIN 1 +#endif |
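
Review bot: the comment above the new `#ifndef PR_SET_MDWE` block is only a bare hash and "(6.3)", so a reader of this header cannot tell what it refers to; spell out that it is the upstream kernel commit and the release that introduced the option, for example "linux commit b507808ebce2... (6.3)". A second point on the same block: these fallback defines only make the code compile against older headers, they say nothing about the running kernel, and the commit message itself limits the new method to "supported kernels". The caller, which is outside this file-limited view, therefore needs to treat a failing `prctl(PR_SET_MDWE, PR_MDWE_REFUSE_EXEC_GAIN, ...)` as "not supported" and keep the existing seccomp filter as the fallback, otherwise `MemoryDenyWriteExecute=yes` would silently lose its protection on older kernels. Please confirm that path is covered in the execute changes of this commit.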