From: Sergey Bugaev <bugaevc@gmail.com>
Date: Sun, 25 Jun 2023 23:17:48 +0000 (+0300)
Subject: hurd: Map brk non-executable
X-Git-Tag: glibc-2.38~85
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b5e576fc21931969c0a1b53fdaf7ce3bfcebb86;p=thirdparty%2Fglibc.git

hurd: Map brk non-executable

The rest of the heap (backed by individual pages) is already mapped RW.
Mapping these pages RWX presents a security hazard.

Also, in another branch memory gets allocated using vm_allocate, which
sets memory protection to VM_PROT_DEFAULT (which is RW). The mismatch
between protections prevents Mach from coalescing the VM map entries.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230625231751.404120-2-bugaevc@gmail.com>
---

diff --git a/sysdeps/mach/hurd/brk.c b/sysdeps/mach/hurd/brk.c
index f1349495f55..3a335194f5d 100644
--- a/sysdeps/mach/hurd/brk.c
+++ b/sysdeps/mach/hurd/brk.c
@@ -106,7 +106,7 @@ _hurd_set_brk (vm_address_t addr)
 	/* First finish allocation.  */
 	err = __vm_protect (__mach_task_self (), pagebrk,
 			    alloc_start - pagebrk, 0,
-			    VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
+			    VM_PROT_READ|VM_PROT_WRITE);
       if (! err)
 	_hurd_brk = alloc_start;
 
@@ -120,7 +120,7 @@ _hurd_set_brk (vm_address_t addr)
   else
     /* Make the memory accessible.  */
     err = __vm_protect (__mach_task_self (), pagebrk, pagend - pagebrk,
-			0, VM_PROT_READ|VM_PROT_WRITE|VM_PROT_EXECUTE);
+			0, VM_PROT_READ|VM_PROT_WRITE);
 
   if (err)
     return __hurd_fail (err);