mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 11:22:10 +00:00
use SC_ALLOW_ARG_MASK to limit mmap protections
Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
This commit is contained in:
parent
f6906f9bf1
commit
e83c989bfd
@ -216,10 +216,10 @@ static const struct sock_filter preauth_insns[] = {
|
||||
SC_ALLOW(__NR_madvise),
|
||||
#endif
|
||||
#ifdef __NR_mmap
|
||||
SC_ALLOW(__NR_mmap),
|
||||
SC_ALLOW_ARG_MASK(__NR_mmap, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
||||
#endif
|
||||
#ifdef __NR_mmap2
|
||||
SC_ALLOW(__NR_mmap2),
|
||||
SC_ALLOW_ARG_MASK(__NR_mmap2, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
||||
#endif
|
||||
#ifdef __NR_mprotect
|
||||
SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE),
|
||||
|
Loading…
Reference in New Issue
Block a user