[GHC] #14069: RTS linker maps code as writable
GHC
ghc-devs at haskell.org
Mon Jul 31 22:08:25 UTC 2017
#14069: RTS linker maps code as writable
-------------------------------------+-------------------------------------
Reporter: bgamari | Owner: (none)
Type: bug | Status: new
Priority: high | Milestone: 8.4.1
Component: Runtime System | Version: 8.0.1
(Linker) |
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture:
| Unknown/Multiple
Type of failure: None/Unknown | Test Case:
Blocked By: | Blocking:
Related Tickets: | Differential Rev(s):
Wiki Page: |
-------------------------------------+-------------------------------------
Description changed by bgamari:
Old description:
> GHC's RTS linker maps executable code in writable pages, representing a
> significant potential exploit point for arbitrary code execution. OpenBSD
> disallows running program that do this by default.
>
> Fix this.
New description:
GHC's RTS linker maps executable code in writable pages, representing a
significant potential exploit point for arbitrary code execution. OpenBSD
disallows running program that do this by default.
Instead we should first map pages as `PROT_READ | PROT_WRITE`, perform any
necessary relocations (which requires writing), and then `mprotect` it to
`PROT_READ | PROT_EXEC`.
To find the relevant code grep for `PROT_EXEC` in the `rts/` directory.
--
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/14069#comment:1>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list