[Apparmor-general] What is the purpose of memory map as
executable?
John Johansen
jjohansen at suse.de
Sat Sep 22 14:42:23 MDT 2007
On Sat, Sep 22, 2007 at 11:27:43PM +0800, Cliffe wrote:
> Could someone please enlighten me?
>
> What is the purpose of the "m" (memory map as executable) permission?
>
> Why would we need to set "m" if the file is not also given a form of
> execution permission?
>
That is an interesting question,
m serves 3 purposes currently
- it preserves the intent of execute vs. executabe mmap so that the
tools don't ask about the type of exec for for executable mmaps
- it provides a behavioral difference between m and ix so that
a difference in behavior can be caught. eg. trying execute
ld.so instead of mmaping it
- it provides a way for the memory map executable permission to
overlap, execution permissions which usually conflict.
eg. (well a poor example)
/lib/**.so rix,
/lib/foo*.so px,
would conflict but
/lib/**.s mr,
/lib/foo*.so px,
does not conflict.
The m bit security wise has no more value than using ix (except for the
chance of catching a behavioral change), so it isn't strictly
necessary. And in fact in AppArmor ix implies m so that when ix
is specified you get both m and ix.
When we looked at adding the m bit this was debated and it was decided
that maintaining the intent of mapping verses execute in the policy
made working with the tools easier, despite having the complexity
of the extra permission bit.
Kernel side we could map the m bit back to ix but we haven't so far
so we can detect the behavioral difference.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://forge.novell.com/pipermail/apparmor-general/attachments/20070922/a739ea1e/attachment.pgp
More information about the Apparmor-general
mailing list