To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: tvrtko.ursulin@sophos.com, Al Viro <viro@ftp.linux.org.uk>,
       Casey Schaufler <casey@schaufler-ca.com>,
       Christoph Hellwig <hch@infradead.org>, linux-kernel@vger.kernel.org,
       Valdis.Kletnieks@vt.edu
Subject: Re: Out of tree module using LSM
From: Andi Kleen <andi@firstfloor.org>
References: <20071128183040.GW8181@ftp.linux.org.uk>
	<OF699E23DA.E36E712D-ON802573A2.00591FA8-802573A2.005A44A2@sophos.com>
	<20071129173601.34273083@the-village.bc.nu>
Date: Thu, 29 Nov 2007 22:09:33 +0100
In-Reply-To: <20071129173601.34273083@the-village.bc.nu> (Alan Cox's message of "Thu\, 29 Nov 2007 17\:36\:01 +0000")
Message-ID: <p73myswyd0y.fsf@bingen.suse.de>
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1039
Lines: 24

Alan Cox <alan@lxorguk.ukuu.org.uk> writes:

> If I want I can have 16 threads executing code in a shared object being
> written to by ten other programs at once and shared over a network while
> we are at it. Its probably not a good idea but I can do it if I have
> reason to.

Actually the kernel prevents writing to files which are executed currently
and you can also not execute what is currently open for writing.
That is what VM_DENYWRITE is good for.

Does not work for shared libraries though -- you cannot set VM_DENYWRITE
in user mmap aka ld.so Man page says

  MAP_DENYWRITE
              This flag is ignored.  (Long ago, it signalled that attempts to write to the underlying file should fail
              with ETXTBUSY.  But this was a source of denial-of-service attacks.)

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/