From 4b90229cd2dcffc8519a4cd34f51fce71e38308e Mon Sep 17 00:00:00 2001 From: cgd Date: Thu, 15 Jul 1993 14:48:37 +0000 Subject: [PATCH] do the "right thing" with mmap protections, once and for all. in particular, if an object is mapped private, DO NOT grant VM_PROT_ALL protections to it; it could be sensitive data. --- sys/vm/vm_mmap.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c index 9f796fe6d759..78e4a17df30a 100644 --- a/sys/vm/vm_mmap.c +++ b/sys/vm/vm_mmap.c @@ -38,7 +38,7 @@ * from: Utah $Hdr: vm_mmap.c 1.3 90/01/21$ * * from: @(#)vm_mmap.c 7.5 (Berkeley) 6/28/91 - * $Id: vm_mmap.c,v 1.8 1993/07/07 11:25:32 cgd Exp $ + * $Id: vm_mmap.c,v 1.9 1993/07/15 14:48:37 cgd Exp $ */ /* @@ -131,7 +131,7 @@ smmap(p, uap, retval) if (mmapdebug & MDB_FOLLOW) printf("mmap(%d): addr %x len %x pro %x flg %x fd %d pos %x\n", p->p_pid, uap->addr, uap->len, uap->prot, - uap->flags, uap->fd, uap->pos); + flags, uap->fd, uap->pos); #endif /* * Make sure one of the sharing types is specified @@ -187,7 +187,8 @@ smmap(p, uap, retval) /* * Ensure that file protection and desired protection * are compatible. Note that we only worry about writability - * if mapping is shared. + * if mapping is shared. XXX (cgd) -- coalese access checks + * and permissions setting. */ if ((uap->prot & PROT_READ) && (fp->f_flag & FREAD) == 0 || ((flags & MAP_SHARED) && @@ -195,17 +196,16 @@ smmap(p, uap, retval) return(EACCES); handle = (caddr_t)vp; /* - * Map protections to MACH style + * Map maximum protections to MACH style */ - if(flags & MAP_SHARED) { - maxprot = VM_PROT_EXECUTE; - if (fp->f_flag & FREAD) - maxprot |= VM_PROT_READ; + maxprot = VM_PROT_EXECUTE; /* ??? */ + if (fp->f_flag & FREAD) + maxprot |= VM_PROT_READ; + if(uap->flags & MAP_SHARED) { if (fp->f_flag & FWRITE) maxprot |= VM_PROT_WRITE; - } else { - maxprot = VM_PROT_ALL; - } + } else + maxprot |= VM_PROT_WRITE; } else if (uap->fd != -1) { maxprot = VM_PROT_ALL; handle = (caddr_t)fp; @@ -214,7 +214,7 @@ smmap(p, uap, retval) handle = NULL; } /* - * Map protections to MACH style + * Map current protections to MACH style */ prot = VM_PROT_NONE; if (uap->prot & PROT_READ) @@ -652,12 +652,8 @@ vm_mmap(map, addr, size, prot, maxprot, flags, handle, foff) /* * Correct protection (default is VM_PROT_ALL). * Note that we set the maximum protection. This may not be - * entirely correct. Maybe the maximum protection should be based - * on the object permissions where it makes sense (e.g. a vnode). - * - * XXX Changed my mind: leave max prot at VM_PROT_ALL. - * Changed again: indeed set maximum protection based on - * object permissions. + * entirely correct. The maximum protection is be based on + * the object permissions where it makes sense (e.g. a vnode). */ rv = vm_map_protect(map, *addr, *addr+size, prot, FALSE); if (rv != KERN_SUCCESS) {