diff options
| author | Rich Felker <dalias@aerifal.cx> | 2012-05-04 22:51:59 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2012-05-04 22:51:59 -0400 |
| commit | 7e4d79464adc3140b03f6e92a902d061c99b9ebe (patch) | |
| tree | 9ba88cd3bcefe5bb23234c21de44dbc550d779d6 /src/thread | |
| parent | f8e054f95197bf9c4463122fba3ebc586d4a99f6 (diff) | |
| download | musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.tar.gz musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.tar.xz musl-7e4d79464adc3140b03f6e92a902d061c99b9ebe.zip | |
make pthread stacks non-executable
this change is necessary or pthread_create will always fail on security-hardened kernels. i considered first trying to make the stack executable and simply retrying without execute permissions when the first try fails, but (1) this would incur a serious performance penalty on hardened systems, and (2) having the stack be executable is just a bad idea from a security standpoint. if there is real-world "GNU C" code that uses nested functions with threads, and it can't be fixed, we'll have to consider other ways of solving the problem, but for now this seems like the best fix.
Diffstat (limited to 'src/thread')
| -rw-r--r-- | src/thread/pthread_create.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/thread/pthread_create.c b/src/thread/pthread_create.c index c3b65ae9..917be54f 100644 --- a/src/thread/pthread_create.c +++ b/src/thread/pthread_create.c @@ -104,7 +104,7 @@ int pthread_create(pthread_t *res, const pthread_attr_t *attr, void *(*entry)(vo size = guard + ROUND(attr->_a_stacksize + DEFAULT_STACK_SIZE); } size += __pthread_tsd_size; - map = mmap(0, size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0); + map = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); if (map == MAP_FAILED) return EAGAIN; if (guard) mprotect(map, guard, PROT_NONE); |