core: Restrict mmap and mprotect with PAGE_WRITE|PAGE_EXEC (#3319) (#3379)
index 58f18f3a9e97880442b71626ed184617c9fffc58..4a3dd14c399a526659830bf4b3c0c52b5ff19702 100644 (file)
         <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>MemoryDenyWriteExecute=</varname></term>
+
+        <listitem><para>Takes a boolean argument. If set, attempts to create memory mappings that are writable and
+        executable at the same time, or to change existing memory mappings to become executable are prohibited.
+        Specifically, a system call filter is added that rejects
+        <citerefentry><refentrytitle>mmap</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+        system calls with both <constant>PROT_EXEC</constant> and <constant>PROT_WRITE</constant> set
+        and <citerefentry><refentrytitle>mprotect</refentrytitle><manvolnum>2</manvolnum></citerefentry>
+        system calls with <constant>PROT_EXEC</constant> set. Note that this option is incompatible with programs
+        that generate program code dynamically at runtime, such as JIT execution engines, or programs compiled making
+        use of the code "trampoline" feature of various C compilers. This option improves service security, as it makes
+        harder for software exploits to change running code dynamically.
+        </para></listitem>
+      </varlistentry>
+
     </variablelist>
   </refsect1>