RepoMirrors/musl
1
0
Fork 0
mirror of git://git.musl-libc.org/musl synced 2025-03-01 17:20:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

make pthread stacks non-executable

Browse Source 
this change is necessary or pthread_create will always fail on
security-hardened kernels. i considered first trying to make the stack
executable and simply retrying without execute permissions when the
first try fails, but (1) this would incur a serious performance
penalty on hardened systems, and (2) having the stack be executable is
just a bad idea from a security standpoint.

if there is real-world "GNU C" code that uses nested functions with
threads, and it can't be fixed, we'll have to consider other ways of
solving the problem, but for now this seems like the best fix.
This commit is contained in:
Rich Felker 2012-05-04 22:51:59 -04:00
parent f8e054f951
commit 7e4d79464a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/thread/pthread_create.c
View File

@ -104,7 +104,7 @@ int pthread_create(pthread_t *res, const pthread_attr_t *attr, void *(*entry)(vo
size = guard + ROUND(attr->_a_stacksize + DEFAULT_STACK_SIZE); size = guard + ROUND(attr->_a_stacksize + DEFAULT_STACK_SIZE);
} }
size += __pthread_tsd_size; size += __pthread_tsd_size;
map = mmap(0, size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0); map = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
if (map == MAP_FAILED) return EAGAIN; if (map == MAP_FAILED) return EAGAIN;
if (guard) mprotect(map, guard, PROT_NONE); if (guard) mprotect(map, guard, PROT_NONE);